Lucene search
+L

343 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.13 views

PT-2026-23431

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.1CVSS5.9AI score0.0007EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 8:55 p.m.4 views

Improper Verification of Cryptographic Signature

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in jwt.decode, which accepts alg: none. An attacker can gain unauthorized access, escalate privileges, or modify...

9.8CVSS5.8AI score0.00425EPSS
Exploits1References2
CVE
CVE
added 2026/02/23 3:2 a.m.27 views

CVE-2026-2968

Cesanta Mongoose up to 7.20 is affected in mg_chacha20_poly1305_decrypt (tls_chacha20.c, Poly1305 Authentication Tag Handler). The issue is improper verification of the cryptographic signature, with a remote attack vector. Descriptions indicate high complexity for exploitation and that the exploi...

6.3CVSS4.5AI score0.00218EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/19 9:16 a.m.3 views

CVE-2026-22269

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

4.7CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.10 views

CVE-2026-22269

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

4.7CVSS0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 9:6 a.m.15 views

CVE-2026-22266

Dell PowerProtect Data Manager, prior to version 19.22, is affected by an Improper Verification of Source of a Communication Channel in the REST API. The issue could allow a high-privileged, remote attacker to bypass protection mechanisms via the REST API. Exploitation details or exploit availabi...

8.8CVSS5.6AI score0.00275EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/19 9:0 a.m.30 views

CVE-2026-22269

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

4.7CVSS0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20781

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

4.7CVSS5.6AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 9:29 p.m.9 views

GHSA-7V42-G35V-XRCH Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass

Impact An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison: rust if matches!digest, expecteddigest treated expecteddigest as a pattern binding rather than a value comparison,...

7.5CVSS5.6AI score0.00162EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/17 12:3 p.m.5 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sjcl is a Stanford Javascript Crypto Library Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key b...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.12 views

WordPress plugin Videospirecore Theme Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00316EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/10 3:39 p.m.27 views

CVE-2025-62439

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

4.2CVSS0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/27 8:43 a.m.5 views

EUVD-2026-4759

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules. This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media:...

5.3CVSS5.9AI score0.00341EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/22 3:45 a.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the VerifyDelegate function. An attacker in control of a compromised TUF repository can bypass signature validation and modify metadata files by setting the signature threshold to 0...

8.2CVSS5.5AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 4:13 p.m.4 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys. Remediatio...

8.7CVSS6AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 4:13 p.m.3 views

Improper Verification of Cryptographic Signature

Overview sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the SM2 signature verification process. An attacker can create a new valid signature for a previously signed message by manipulating an existing signature...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/20 8:55 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...

9.8CVSS5.8AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 4:16 p.m.6 views

CVE-2025-36418

IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

9.8CVSS0.0015EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/10 6:53 a.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the VerifyBundle function in the verify.go file. An attacker can bypass artifact integrity checks by crafting a bundle that includes any arbitrary Rekor entry, allowing successful...

6.8CVSS6.9AI score0.00077EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.15 views

CVE-2021-22448

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files...

9.1CVSS6.9AI score0.00727EPSS
Exploits0References1
Rows per page
Query Builder