CVE-2024-49365 – Tiny-SECP256K1 JSON-Stringifyable Message Verification Bypass Vulnerability

July 1, 2025

CVE ID : CVE-2024-49365

Published : July 1, 2025, 3:15 a.m. | 4 hours, 18 minutes ago

Description : tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is the buffer package. This affects only environments where require(‘buffer’) is the NPM buffer package. Buffer.isBuffer check can be bypassed, resulting in strange objects being accepted as a message, and those messages could trick verify() into returning false-positive true values. This issue has been patched in version 1.1.7.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5967 – “ENS HX Stored Cross-Site Scripting Vulnerability”

Next Article CVE-2024-49364 – Tiny-SECP256k1 Buffer Package Private Key Extraction Vulnerability

Highlights

CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

May 3, 2025

CVE ID : CVE-2024-58134

Published : May 3, 2025, 4:15 p.m. | 1 hour, 16 minutes ago

Description : Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application’s class name, as a HMAC session secret by default.

These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Streamlining Context Validation in Laravel

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Your Roku has secret menus and screens – here’s how to unlock them

Add Paramount+, STARZ, and more to your Prime Video account for $0.99 a month – here’s how

My new favorite keychain accessory gives me 2TB of SSD storage instantly

HP’s latest OmniBook finally sold me on the 2-in-1 form factor (and it’s on sale)

Simplifying Stream Handling with Laravel’s resource Method

Simplifying Stream Handling with Laravel’s resource Method

Intelligent Parsing and Formatting of Names in PHP Applications

This Week in Laravel: Cursor Rules, Nightwatch Review, and Race Conditions

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Hash Calculator – calculates around 50 cryptographic hashes of strings and files

Rilasciato Thunderbird 140 ESR: Un’attenzione alle esigenze aziendali

CVE-2024-49365 – Tiny-SECP256K1 JSON-Stringifyable Message Verification Bypass Vulnerability

213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

CVE-2025-43952 – Mettler Toledo FreeWeight.Net Web Reports Viewer Cross-Site Scripting (XSS)

CVE-2025-46825 – Kanboard Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-46335 – MobSF Stored XSS Vulnerability in Android APK Analysis

Hackers exploited Windows WebDav zero-day to drop malware

CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

Streamlining Context Validation in Laravel

CVE-2025-49197 – Cisco FTP Weak Password Hash

CVE-2025-40572 – Siemens SCALANCE LPE9403 Privilege Escalation

CVE-2024-49365 – Tiny-SECP256K1 JSON-Stringifyable Message Verification Bypass Vulnerability

Related Posts