Search Vulnerabilities

JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass

JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback)

Jervis has a JWT Algorithm Confusion Vulnerability

Windows Admin Center Elevation of Privilege Vulnerability

In GnuPG through 2

Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Node-SAML SAML Authentication Bypass

Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)

Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347)

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8

Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows...

ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

auth0/node-jws improper HMAC signature verification vulnerability

XML-Sig prior to 0.68 for Perl improperly validates XML without signatures

GoSign Desktop < 2.4.1 Insecure Update Mechanism RCE

Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature

Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves