Lucene search
K

51 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 7:18 a.m.7 views

CVE-2026-40941

A flaw was found in Cacti, an open-source performance and fault management framework. This vulnerability allows a remote attacker to bypass the package import signature validation. By exploiting this flaw, an attacker can import self-signed packages, potentially leading to the execution of...

8.8CVSS6AI score0.00159EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

6.5CVSS5.7AI score0.00159EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/18 8:19 p.m.16 views

Unsigned SAML LogoutRequest Acceptance in gosaml2

Summary The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...

5.9AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:28 p.m.6 views

CVE-2023-40090

In BTMBleVerifySignature of btmble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS7AI score0.00542EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.6 views

CVE-2022-26766

A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation...

5.5CVSS5.5AI score0.02661EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/09 3:40 a.m.7 views

Uncaught Exception

Overview robrichards/xmlseclibs is a PHP library for XML Security. Affected versions of this package are vulnerable to Uncaught Exception in the form of improper handling of canonicalization failures. An attacker can bypass signature or digest validation by submitting specially crafted invalid XM...

7.5CVSS6.9AI score0.00218EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/27 12:30 a.m.6 views

EUVD-2025-199778

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...

6.3AI score0.00143EPSS
Exploits0References3
NVD
NVD
added 2025/11/26 1:16 a.m.11 views

CVE-2025-66255

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9CVSS0.00331EPSS
Exploits1References1
CVE
CVE
added 2025/10/21 12:0 a.m.27 views

CVE-2025-57521

CVE-2025-57521 affects Bambu Studio 2.1.1.52 and earlier. The vulnerability arises at application startup when the program loads a network plug‑in without validating its digital signature or verifying authenticity. A local attacker can place a malicious component in the expected location (e.g., u...

6.1CVSS7.2AI score0.00146EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-3292

Malware in sbrugna...

5.8CVSS6.4AI score0.00836EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4278

Malicious code in bioql PyPI...

8.1CVSS8AI score0.01119EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/09/19 12:0 a.m.7 views

Zscaler Client Connector < 4.2.0.190 Multiple Vulnerabilities

The version of Zscaler Client Connector installed on the remote Windows host is prior to 4.2.0.190. It is, therefore, affected by multiple vulnerabilities. - An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This iss...

7.8CVSS5.6AI score0.00226EPSS
Exploits0References4
Redos
Redos
added 2025/09/04 12:0 a.m.5 views

ROS-20250904-04

The vulnerability of Module::Signature::verify function of Perl programming language is related to incorrect confirmation of cryptographic data signature. validation of cryptographic data signature. Exploitation of the vulnerability could allow an attacker, acting remotely, gain access to sensiti...

7.8CVSS7.7AI score0.00791EPSS
Exploits1
OSV
OSV
added 2025/02/18 7:25 p.m.22 views

GHSA-36H8-R92J-W9VW The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass

Description Authentication using Spid and CIE is based on the SAML2 standard which provides for two entities: Identity Provider IdP: the system that authenticates users and provides identity information SAML assertions to the Service Provider, essentially, it is responsible for managing user...

9.1CVSS7.3AI score0.0056EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/12/02 7:1 p.m.4 views

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

5.4CVSS7.2AI score0.00347EPSS
Exploits0References9
OSV
OSV
added 2024/11/15 6:15 p.m.5 views

DEBIAN-CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

7.5CVSS5.3AI score0.00728EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 2:15 a.m.7 views

CVE-2023-32156

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in ord...

8.8CVSS6.2AI score0.00368EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.2 views

CVE-2023-32156

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in ord...

9CVSS6.2AI score0.00368EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:56 a.m.58 views

CVE-2023-32156

CVE-2023-32156 is a Tesla Model 3 Gateway ECU firmware signature validation bypass vulnerability. The issue stems from improper error handling during firmware updates, allowing network-adjacent attackers to execute arbitrary code with the context of the Gateway ECU after gaining the ability to ru...

9CVSS9.2AI score0.00368EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.10 views

PT-2023-27263 · Bluetooth · Bluetooth

Name of the Vulnerable Software and Affected Versions: Bluetooth software affected versions not specified Description: The issue is related to a possible way to bypass signature validation due to side channel information disclosure in the BTM BleVerifySignature function of btm ble.cc. This could...

6.5CVSS6.6AI score0.00542EPSS
Exploits0References6
Rows per page
Query Builder