Lucene search
+L

101 matches found

nvd
nvd
added 2026/07/02 7:16 p.m.9 views

CVE-2026-13743

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS0.00116EPSS
Exploits0References1
euvd
euvd
added 2026/07/02 6:35 p.m.7 views

EUVD-2026-41419

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.12 views

PT-2026-55283

Name of the Vulnerable Software and Affected Versions CubeSpace CW0057 Reaction Wheel versions prior to 5.0.20 Description An improper verification of cryptographic signature allows an attacker with physical access to the product to upload arbitrary malicious firmware to the device without...

5.2CVSS6AI score0.00116EPSS
Exploits0References6
nvd
nvd
added 2026/06/29 4:16 p.m.10 views

CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS0.00083EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/29 3:19 p.m.6 views

CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS5.8AI score0.00083EPSS
Exploits0References2
osv
osv
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-525 rfc3161-client has insufficient verification for timestamp response signatures

Impact rfc3161-client 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR's embedded certificates up to the trusted roots, but fails to verify the TSR's own signature against the timestamping leaf...

9.3CVSS5.7AI score0.00147EPSS
Exploits0References6
euvd
euvd
added 2026/06/26 12:32 a.m.9 views

EUVD-2026-39581

PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...

5.9CVSS5.8AI score0.00171EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/24 9:37 p.m.24 views

CVE-2026-9779 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

7.2CVSS0.00376EPSS
Exploits0References2
snyk
snyk
added 2026/05/28 4:50 p.m.11 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the jwt.decode or jwt.decodecomplete functions when used with a PyJWK key. An attacker can bypass algorithm restrictions and gain unauthorized access to protected resources by signing...

5.4CVSS5.8AI score0.00127EPSS
Exploits1References2
cvelist
cvelist
added 2026/05/26 9:1 p.m.38 views

CVE-2026-45575 epa4all-client: Improper Verification of Cryptographic Signature

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS0.00118EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.10 views

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to 1.2.1 contained a trust management vulnerability. This vulnerability stemmed from the ECDSA signature verification in SignedPublicKeysTrustValidatorImpl.isTrusted, where the...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in LibreOffice

In the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures may allow invalid signatures to be accepted as valid. This issue affects LibreOffice versions starting from 24.8 before 24.8.6, and from 25.2 before 25.2.2...

5.5CVSS6.4AI score0.00096EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/16 7:56 a.m.18 views

CVE-2024-36334

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...

7CVSS6AI score0.00082EPSS
Exploits0References1
nessus
nessus
added 2026/05/11 12:0 a.m.6 views

Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8258-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8258-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

9.8CVSS6AI score0.00788EPSS
Exploits1References176
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.14 views

apko 数据伪造问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded.apk package with the checksum in the signature index. This...

7.5CVSS5.7AI score0.00159EPSS
Exploits0References2
nessus
nessus
added 2026/05/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-7689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/03 9:30 a.m.3 views

CVE-2026-7689 Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References4
euvd
euvd
added 2026/05/03 9:30 a.m.17 views

EUVD-2026-26827

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References4
osv
osv
added 2026/04/28 4:30 p.m.8 views

USN-8185-2 linux-nvidia-lowlatency vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

9.8CVSS6.8AI score0.00385EPSS
Exploits0References174
cve
cve
added 2026/04/28 12:0 a.m.33 views

CVE-2026-38651

CVE-2026-38651 concerns Netmaker (versions prior to 1.5.0). The root cause is a JWT verification flaw in VerifyHostToken (logic/jwts.go) that fails to validate signatures, enabling an attacker to forge a host token with any key to impersonate a host and access sensitive information. The CVSS 3.1 ...

8.2CVSS5.4AI score0.00298EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder