46 matches found
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
PT-2025-46910
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.3.1 Description Keyfactor SignServer has an issue with Incorrect Access Control. This allows for an authentication bypass. Recommendations Update to version 7.3.1 or later...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
CVE-2025-47222
Keyfactor SignServer is affected in versions prior to 7.3.2 by a class name enumeration vulnerability that allows information about loaded classes to be exposed to the client side when setting a chosen class name in properties requiring a class path. The issue arises from an unexpected difference...
CVE-2025-47221
CVE-2025-47221 : Keyfactor SignServer versions before 7.3.2 contain an arbitrary file write flaw. The ARCHIVETODISK_FILENAME-PATTERN, ARCHIVETODISK_PATH_BASE, and ARCHIVETODISK_PATH_PATTERN properties can be set to any path, enabling a user with admin access to write files in arbitrary server dir...
PT-2025-46909
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.3.1 Description Keyfactor SignServer has an issue with Incorrect Access Control. This allows for an authentication bypass. Recommendations Update Keyfactor SignServer to version 7.3.1 or later...
PT-2025-46908
Name of the Vulnerable Software and Affected Versions Keyfactor SignServer versions prior to 7.3.1 Description Keyfactor SignServer has an issue with Incorrect Access Control. This allows for authentication bypass. Recommendations Update to version 7.3.1 or later...
CVE-2025-47220
Keyfactor SignServer (versions prior to 7.3.2) contains a local file enumeration vulnerability in the VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH used by PDFSigner and PAdESSigner. An admin user can set this path without restrictions; if the path points to an existing file readable by the application ser...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.3.1 that stems from improper access control...
EUVD-2022-31052
Malicious code in bioql PyPI...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...