
38447 matches found

OSV
added 2026/03/23 6:16 a.m. | 3 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.1 CVSS | 5.9 AI score
Exploits: 0 | References: 4
OSV
added 2026/03/23 6:16 a.m. | 5 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4 CVSS | 5.9 AI score
Exploits: 0 | References: 4
OSV
added 2026/03/23 6:16 a.m. | 4 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7 CVSS | 5.9 AI score
Exploits: 0 | References: 4
NVD
added 2026/03/23 6:16 a.m. | 4 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4 CVSS | 0.003 EPSS
Exploits: 1 | References: 14
NVD
added 2026/03/23 6:16 a.m. | 9 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7 CVSS | 0.00554 EPSS
Exploits: 1 | References: 15
Cvelist
added 2026/03/23 5:0 a.m. | 28 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9 CVSS | 0.001 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/23 5:0 a.m. | 3 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9 CVSS | 5.8 AI score | 0.001 EPSS
Exploits: 1 | References: 5
Vulnrichment
added 2026/03/23 5:0 a.m. | 2 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9 CVSS | 5.8 AI score | 0.001 EPSS
Exploits: 1 | References: 4
CVE
added 2026/03/23 5:0 a.m. | 9 views

CVE-2026-4603

CVE-2026-4603 affects jsrsasign versions before 11.1.1. The vulnerability stems from the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js, which can cause division by zero and collapse RSA public-key operations (e.g., verify/encrypt) to d...

5.9 CVSS | 5.8 AI score | 0.001 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/23 5:0 a.m. | 2 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4 CVSS | 5.8 AI score | 0.003 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/23 5:0 a.m. | 2 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4 CVSS | 5.8 AI score | 0.003 EPSS
Exploits: 1 | References: 5
Cvelist
added 2026/03/23 5:0 a.m. | 33 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4 CVSS | 0.003 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/23 5:0 a.m. | 4 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7 CVSS | 5.8 AI score | 0.00554 EPSS
Exploits: 1 | References: 6
Cvelist
added 2026/03/23 5:0 a.m. | 32 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7 CVSS | 0.00554 EPSS
Exploits: 1 | References: 5
Vulnrichment
added 2026/03/23 5:0 a.m. | 9 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7 CVSS | 5.8 AI score | 0.00554 EPSS
Exploits: 1 | References: 5
CVE
added 2026/03/23 5:0 a.m. | 14 views

CVE-2026-4598

CVE-2026-4598 affects the JavaScript crypto library jsrsasign. Versions before 11.1.1 are vulnerable to an infinite loop in bnModInverse (ext/jsbn2.js) when BigInteger.modInverse receives zero or negative inputs, allowing a process to hang. The issue is caused by input handling in modInverse, lea...

8.7 CVSS | 5.8 AI score | 0.00554 EPSS
Exploits: 1 | References: 15 | Affected Software: 1
Positive Technologies
added 2026/03/23 12:0 a.m. | 6 views

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3 CVSS | 5.8 AI score | 0.00289 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/23 12:0 a.m. | 14 views

PT-2026-27054

Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 11.1.1. Description: An infinite loop occurs via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs. This allows an attacker to permanently hang th...

8.7 CVSS | 5.8 AI score | 0.00554 EPSS
Exploits: 1 | References: 14
Positive Technologies
added 2026/03/23 12:0 a.m. | 6 views

PT-2026-27057

Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 11.1.1. Description: The jsrsasign package, versions prior to 11.1.1, contains a flaw in the DSA signing implementation, specifically within the KJUR.crypto.DSA.signWithMessageHash process. This issue allows an attack...

9.4 CVSS | 5.8 AI score | 0.003 EPSS
Exploits: 1 | References: 15
CNNVD
added 2026/03/23 12:0 a.m. | 7 views

jsrsasign security vulnerability

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the bnModInverse function in ext/jsbn2.js, which could cause infinite loops when processing zero or negative...

8.7 CVSS | 5.8 AI score | 0.00554 EPSS
Exploits: 1 | References: 5