CVE-2025-3757 – OpenPubkey Invalid JWS Signature Verification

May 13, 2025

CVE ID : CVE-2025-3757

Published : May 13, 2025, 5:16 p.m. | 1 hour, 48 minutes ago

Description : Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47280 – Umbraco Forms Email Injection Vulnerability

Next Article CVE-2025-32709 – “Windows Ancillary Function Driver for WinSock Use-After-Free Privilege Escalation Vulnerability”

Highlights

CVE-2025-47942 – Open edX Platform Python Lib Zip File Download Unauthorized Access Vulnerability

May 21, 2025

CVE ID : CVE-2025-47942

Published : May 21, 2025, 10:15 p.m. | 35 minutes ago

Description : The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

DistroWatch Weekly, Issue 1128

Your Slack app is getting a big upgrade – here’s how to try the new AI features

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

Microsoft confirms Windows 11 25H2, might make Windows more stable

CVE-2025-3757 – OpenPubkey Invalid JWS Signature Verification

Synology ABM Flaw (CVE-2025-4679) Leaks Global Client Secret, Exposing ALL Microsoft 365 Tenants

D-Link DIR-816 Router Alert: 6 Critical Flaws (CVSS 9.8) Allow Remote Code Execution, NO PATCHES

Task-Adaptive Pretrained Language Models via Clustered-Importance Sampling

CVE-2025-4198 – Alink Tap Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerability

CVE-2025-5152 – “Chanjet CRM SQL Injection Vulnerability”

Il podcast di Marco’s Box – Puntata 207

CVE-2025-47942 – Open edX Platform Python Lib Zip File Download Unauthorized Access Vulnerability

The Division 2 is free to play on all platforms this weekend, right after joining Xbox Game Pass

Community News: Latest PECL Releases (05.20.2025)

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

CVE-2025-3757 – OpenPubkey Invalid JWS Signature Verification

Related Posts