Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-OCB provider when an application uses the EVPCipher interface. The handler silently discards the IV, so every message under a given key runs with the all-zero offset state, causing nonce reuse. If...

ANT-2026-KNXJMVYC · wolfSSL · signature-bypass

signature-bypass high CVE-2026-5466 Severity Claude high · Security research firm high · Maintainer - Discovered by Claude Mythos Preview SECURITY RESEARCH FIRM ANALYSIS Triage and disclosure were performed by Calif. Verdict: true positive Severity: high TIMELINE Dates from discovery through publ...

SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework

As quantum computing advances, PQC schemes are adopted to replace classical algorithms. Among them is the SLH-DSA that was recently standardized by NIST and is favored for its conservative security foundations. In this work, we present the first software-only universal forgery attack on SLH-DSA,...

PT-2023-19366 · Pqclean · Pqclean

Name of the Vulnerable Software and Affected Versions: PQClean version d03da30 Description: The issue allows universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. This is related to CRYSTALS-DILITHIUM in Post-Quantum...