187 matches found
WordPress plugin UpdraftPlus: WP Backup & Migration Plugin 数据伪造问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. One...
Northern.tech Mender Client 安全漏洞
The Northern.tech Mender Client is a device remote update and management client provided by the Northern.tech company in the United States. Versions of the Northern.tech Mender Client prior to version 5.0.4 contained security vulnerabilities, which were caused by bypassing encryption signature...
CVE-2026-46728
Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...
PT-2026-41468
Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2026.04 Description Das U-Boot allows a Flat Image Tree FIT signature verification bypass. This occurs because hashed-nodes are omitted from a hash, which can lead to the acceptance of unsigned or modified images...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
plunk 数据伪造问题漏洞
Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.9.0 contained a data manipulation vulnerability. This vulnerability stems from the /webhooks/sns endpoint accepting Amazon SNS notification payloads without verifying the SNS signature,...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
Astra Linux – Vulnerability in Perl
CPAN 2.28 allows for Signature Verification Bypass...
Insufficient Verification of Data Authenticity
Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the dolverifyHash function of the Online Signature Module. An attacker can bypass signature verificati...
CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3
OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...
New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
Summary A critical vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. The vulnerability stems from three compounding flaws: 1. The Stripe webhook endpoint does n...
EUVD-2026-24010
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...
CVE-2026-41301 OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...
BIT-AUTHENTIK-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...
PT-2026-34234
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. An attacker possessing a valid access key can write arbitrary...
CVE-2026-35205
A flaw was found in Helm, a package manager for Kubernetes. A remote attacker could exploit this vulnerability by providing a malicious plugin that lacks a provenance file. Even when signature verification is enabled, Helm would incorrectly install this unverified plugin, bypassing critical...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...