Browse and filter security vulnerabilities across ecosystems
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty
Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
Netty's wrapping plain trust manager silently disables hostname verification
Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry
UAA accepts SAML Encrypted Assertions authentication bypass
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
SAML Payloads Decrypted Without Valid Signature
XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform
OP-TEE vulnerable to ECDH private key recovery
Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie
PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover
Showing 1 - 20 of 1,000+ results