Lucene search
+L

344 matches found

RedhatCVE
RedhatCVE
added 2025/05/09 9:44 a.m.13 views

CVE-2025-20958

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors...

4.4CVSS6.6AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 8:24 a.m.16 views

CVE-2025-20972

Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration...

6.2CVSS0.00113EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 8:24 a.m.17 views

CVE-2025-20958

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors...

4.4CVSS0.00109EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/05/02 10:37 a.m.3 views

Security update for poppler

This update for poppler fixes the following issues: CVE-2025-43903: improper verification of adbe.pkcs7.sha1 signatures allows for signature forgeries. bsc1241620 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

4.3CVSS5AI score0.00097EPSS
Exploits0References4
CVE
CVE
added 2025/04/27 7:4 p.m.153 views

CVE-2025-2866

CVE-2025-2866 affects LibreOffice. A flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid PDF signatures to be accepted as valid, enabling PDF signature spoofing. Affected versions are LibreOffice 24.8 before 24.8.6 and 25.2 before 25.2.2. Public advisories from Debian...

5.5CVSS6.5AI score0.00096EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/04/23 5:16 p.m.12 views

CVE-2025-2763

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...

6.8CVSS0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/23 4:48 p.m.9 views

CVE-2025-2763 CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...

6.8CVSS7.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 6:0 a.m.6 views

CVE-2025-20942

Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID...

4.4CVSS6.6AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 5:15 a.m.9 views

CVE-2025-20951

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store...

5.5CVSS0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 4:40 a.m.30 views

CVE-2025-20951

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store...

5.1CVSS0.00135EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/08 4:39 a.m.6 views

CVE-2025-20942

Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID...

4.4CVSS6.8AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 4:39 a.m.21 views

CVE-2025-20942

Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID...

4.4CVSS0.0013EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/03 7:47 p.m.4 views

Improper Verification of Cryptographic Signature

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature for unsigned-trailer uploads. An attacker can upload arbitrary objects to buckets by usi...

8.7CVSS7.2AI score0.02402EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.7 views

Improper Verification of Source of a Communication Channel

Overview Flask-Cors is an A Flask extension adding a decorator for CORS support Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper application of regex path matching rules. An attacker can gain unauthorized cross-origin...

6.9CVSS6.8AI score0.00652EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:9 a.m.80 views

CVE-2024-7046

CVE-2024-7046 affects open-webui/open-webui v0.3.8. It is an improper access-control vulnerability that allows an attacker to view the first admin (owner) details by directly calling /api/v1/auths/admin/details without verifying admin privileges. The issue is demonstrated by public PoCs (e.g., a ...

4.3CVSS6.8AI score0.00401EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/03/11 7:44 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the HTTPRedirect binding process. An attacker can manipulate the message processing by appending a malicious SAMLRequest in front of a valid SAMLResponse, leading to the applicati...

8.6CVSS6.9AI score0.00296EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 7:44 p.m.2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the HTTPRedirect binding process. An attacker can manipulate the message processing by appending a malicious SAMLRequest in front of a valid SAMLResponse, leading to the applicati...

8.6CVSS6.9AI score0.00296EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.10 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Linux Kernel Improper Certificate Validation (CVE-2022-1343)

Under certain circumstances, the command line OCSP verify function reports successful verification when the varification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result...

5.3CVSS7.2AI score0.01174EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/05 11:45 p.m.9 views

CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...

7.8CVSS6.6AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:30 p.m.24 views

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

7.8CVSS6.6AI score0.0011EPSS
Exploits0References1
Rows per page
Query Builder