List of CVEs

Research-induced Common Vulnerabilities and Exposures (CVE) excerpt

The following is an incomplete list of CVEs and other recognitions assigned during our research to my group members, close collaborators, or myself.

2025

  1. CVE
    CVE-2025-55311: (PDF) Improper Verification of Cryptographic Signature (CWE-347)
    CVSS: 6.5 (Medium), Aug 2025
  2. Kliksafe
    Hall of fame: Kliksafe - Identified a vulnerability in our DoH service
    Matthias Gierlings, Lukas Knittel, and Christian Mainka
    Aug 2025
  3. CVE
    CVE-2025-54255: (PDF) Violation of Secure Design Principles (CWE-657)
    CVSS: 4.0 (Medium), Sep 2025

2022

  1. CVE
    CVE-2022-25641: (PDF) Incremental Saving Attack / Shadow Attack
    CVSS: 4.4 (Medium), Sep 2022
  2. PSIRT
    PSIRT-14270: (PDF) Execute High Privileged JavaScript Code in a Certified Document
    Sep 2022

2021

  1. CVE
    CVE-2021-25633: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), Sep 2021
  2. CVE
    CVE-2021-25634: (ODF) Timestamp Manipulation with Signature Wrapping
    CVSS: 7.5 (High), Sep 2021
  3. CVE
    CVE-2021-25635: (ODF) Content Spoofing
    CVSS: 7.5 (High), Sep 2021
  4. CVE
    CVE-2021-25636: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), Sep 2021
  5. CVE
    CVE-2021-28545: (PDF) Evil Annotation Attack
    CVSS: 8.1 (High), Sep 2021
  6. CVE
    CVE-2021-28546: (PDF) Sneaky Signature Attack
    CVSS: 6.5 (Medium), Sep 2021
  7. CVE
    CVE-2021-40326: (PDF) New Shadow Attack Variant
    CVSS: 5.5 (Medium), Sep 2021
  8. CVE
    CVE-2021-41830: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), Sep 2021
  9. CVE
    CVE-2021-41831: (ODF) XSW on Signature Timestamp
    CVSS: 5.3 (Medium), Sep 2021
  10. CVE
    CVE-2021-41832: (ODF) Content Spoofing
    CVSS: 7.5 (High), Sep 2021

2020

  1. CVE
    CVE-2020-24432: (PDF) Arbitrary JavaScript Execution
    CVSS: 7.8 (High), Sep 2020
  2. CVE
    CVE-2020-35931: (PDF) Evil Annotation Attack
    CVSS: 7.8 (High), Sep 2020
  3. CVE
    CVE-2020-9592: (PDF) Shadow Attack
    CVSS: 7.8 (High), Sep 2020
  4. CVE
    CVE-2020-9596: (PDF) Shadow Attack
    CVSS: 7.8 (High), Sep 2020

2018

  1. CVE
    CVE-2018-16042: (PDF) Universal Signature Forgery
    Sep 2018
  2. CVE
    CVE-2018-18688: (PDF) Incremental Saving Attack
    Sep 2018
  3. CVE
    CVE-2018-18689: (PDF) Signature Wrapping Attack
    Sep 2018

2015

  1. Pyoidc
    (OpenID Connect) Pyoidc.
    In , Sep 2015
  2. Nimbus
    (OpenID Connect) Nimbus OAuth 2.0 SDK with OpenID Connect Extensions | Connect2id
    In , Sep 2015

2014

  1. CVE
    CVE-2014-2048: (OpenID) Identity Spoofing in ownCloud
    Sep 2014
  2. CVE
    CVE-2014-8249: (OpenID) Identity Spoofing
    Sep 2014
  3. CVE
    CVE-2014-8250: (OpenID) Identity Spoofing
    Sep 2014
  4. CVE
    CVE-2014-8251: (OpenID) Identity Spoofing
    Sep 2014
  5. CVE
    CVE-2014-8252: (OpenID) Identity Spoofing
    Sep 2014
  6. CVE
    CVE-2014-8253: (OpenID) Identity Spoofing
    Sep 2014
  7. CVE
    CVE-2014-8254: (OpenID) Identity Spoofing
    Sep 2014
  8. CVE
    CVE-2014-8265: (OpenID) Identity Spoofing
    Sep 2014
  9. CVE
    CVE-2014-8411: (XML) XE DoS in OpenNebula
    Sep 2014
  10. CVE
    CVE-2014-1475: (OpenID) Identity Spoofing in Drupal
    Sep 2014
  11. Slashdot
    (OpenID) Security Report: Thanks to Christian Mainka and Vladislav Mladenov - Slashdot
    In , Jul 2014