Unsigned SAML LogoutRequest Acceptance in gosaml2

Summary The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...

CVE-2023-40090

In BTMBleVerifySignature of btmble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-26766

A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation...

Uncaught Exception

Overview robrichards/xmlseclibs is a PHP library for XML Security. Affected versions of this package are vulnerable to Uncaught Exception in the form of improper handling of canonicalization failures. An attacker can bypass signature or digest validation by submitting specially crafted invalid XM...

EUVD-2025-199778

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...

CVE-2025-66255

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

CVE-2025-57521

CVE-2025-57521 affects Bambu Studio 2.1.1.52 and earlier. The vulnerability arises at application startup when the program loads a network plug‑in without validating its digital signature or verifying authenticity. A local attacker can place a malicious component in the expected location (e.g., u...

EUVD-2012-3292

Malware in sbrugna...

EUVD-2022-4278

Malicious code in bioql PyPI...

Zscaler Client Connector < 4.2.0.190 Multiple Vulnerabilities

The version of Zscaler Client Connector installed on the remote Windows host is prior to 4.2.0.190. It is, therefore, affected by multiple vulnerabilities. - An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This iss...

ROS-20250904-04

The vulnerability of Module::Signature::verify function of Perl programming language is related to incorrect confirmation of cryptographic data signature. validation of cryptographic data signature. Exploitation of the vulnerability could allow an attacker, acting remotely, gain access to sensiti...

GHSA-36H8-R92J-W9VW The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass

Description Authentication using Spid and CIE is based on the SAML2 standard which provides for two entities: Identity Provider IdP: the system that authenticates users and provides identity information SAML assertions to the Service Provider, essentially, it is responsible for managing user...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

DEBIAN-CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

CVE-2023-32156

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in ord...

CVE-2023-32156

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in ord...

CVE-2023-32156

CVE-2023-32156 is a Tesla Model 3 Gateway ECU firmware signature validation bypass vulnerability. The issue stems from improper error handling during firmware updates, allowing network-adjacent attackers to execute arbitrary code with the context of the Gateway ECU after gaining the ability to ru...

PT-2023-27263 · Bluetooth · Bluetooth

Name of the Vulnerable Software and Affected Versions: Bluetooth software affected versions not specified Description: The issue is related to a possible way to bypass signature validation due to side channel information disclosure in the BTM BleVerifySignature function of btm ble.cc. This could...

CVE-2023-41991

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

CVE-2023-41991

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...