229 matches found
Krajowa Izba Rozliczeniowa Szafir SDK 安全漏洞
Krajowa Izba Rozliczeniowa Szafir SDK is an electronic signature development kit from Krajowa Izba Rozliczeniowa, Poland. A security vulnerability exists in the Krajowa Izba Rozliczeniowa Szafir SDK that stems from the cryptographic digital signature verification process returning a success statu...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of the release report content for RTL8922DE in rtw89 PCI, potentially leading ...
CLSA-2026-1775119189 gnupg2: Fix of CVE-2025-30258
CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...
GHSA-VM9R-H74P-HG97 jose vulnerable to untrusted JWK header key acceptance during signature verification
Impact A vulnerability in jose versions up to and including 0.3.5 could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could treat header-provided jwk as a verification candidat...
jsrsasign 安全漏洞
jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from numerical type conversion errors during the handling of negative exponents in the ext/jsbn2.js file, which could...
CVE-2026-33243
Barebox contains a vulnerability in the FIT signing flow: during mkimage, the hashed-nodes property of the FIT signature node is computed, but the hashed-nodes value is not itself protected by the hash. An attacker can modify hashed-nodes to influence which nodes were reported as hashed, potentia...
Cross-site Request Forgery (CSRF)
fastapi-sso is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing persistence and verification of the OAuth state parameter, which allows an attacker to supply a malicious callback URL and link their account to a victim’s session...
GHSA-HPWG-XG7M-3P6M sm-crypto Affected by Signature Forgery in SM2-DSA
Summary A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the messag...
PT-2026-3894
Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description The sm-crypto library, providing JavaScript implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a signature malleability issue in its SM2 signature verification logic. ...
CVE-2025-68964
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-68964
CVE-2025-68964 affects Huawei HarmonyOS HiView module. Public docs describe a data verification vulnerability in HiView that can impact availability if exploited. Descriptions from multiple sources (NVD, Red Hat, CIRCL, CNNVD, etc.) reiterate the issue as a data verification flaw in the HiView co...
CVE-2025-68964
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2026-2569
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2021-22444
There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection...
CVE-2021-22381
There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause an infinite loop in DoS...
CVE-2021-22448
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files...
EUVD-2025-201679
Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...
CVE-2025-46774
An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables...
EUVD-2020-0088
Malware in sbrugna...
EUVD-2014-5836
Malware in sbrugna...