15 matches found
CVE-2026-1114
In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...
OESA-2026-2483 hplip security update
The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security Fixes: A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the us...
EUVD-2021-30377
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-43023
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm DSA...
HP Linux Imaging and Printing Software 安全漏洞
HP Linux Imaging and Printing Software is a Hewlett-Packard HP USA installation, usage and management software package that supports HP printers and scanners. A security vulnerability exists in HP Linux Imaging and Printing Software that originates from the use of a weak DSA signing key...
Donetick 安全漏洞
Donetick is an open source, user-friendly application from Donetick Open Source for managing tasks and chores. A security vulnerability exists in Donetick versions prior to 0.1.44, which stems from a weak JWT signing key default that could lead to account takeover...
Xpand IT Write-Back Manager Security Vulnerability
Xpand IT Write-back manager is an extension for Xpand IT. that allows users to enter data directly from Tableau dashboards into the database. A security vulnerability exists in Xpand IT Write-Back Manager version v2.3.1, which stems from the use of a weak key for signing JWT tokens, where an...
PT-2022-11839
Name of the Vulnerable Software and Affected Versions ONLYOFFICE all versions as of 2021-11-08 Description The issue is related to Incorrect Access Control, where signed document download URLs can be forged due to a weak default URL signing key. This allows for potential exploitation, including...
PT-2022-9033 · Hcl +1 · Hcl Verse For Android +1
Name of the Vulnerable Software and Affected Versions: Application affected versions not specified Description: The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...
OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...
CVE-2016-5542
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...