Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...
Improper Verification of Cryptographic Signature
Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the ed25519.verify function. An attacker can bypass authentication and authorization logic by submitting forged non-canonical...
CVE-2025-31355
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability
Talos Vulnerability Report TALOS-2025-2161: Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability. August 20, 2025. CVE Number: CVE-2025-31355. Summary: A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A...
CVE-2020-13178
A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process...
Authentication Bypass
CIE.AspNetCore.Authentication is vulnerable to Authentication Bypass. The vulnerability stems from improper signature validation caused by a flaw in the handling of SAML assertions, allowing an attacker to inject a signed element that bypasses verification and enables impersonation of any Spid or CIE...
keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...
PT-2024-12178 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on Windows versions prior to 4.2.0.190. Description: The issue is related to an improper validation of signature, allowing an authenticated user to disable anti-tampering. Recommendations: For versions prior to...
FreeFrom Security Vulnerabilities
FreeFrom is an application from FreeFrom, Inc. dedicated to bringing privacy and free speech back to SNSs. A security vulnerability exists in FreeFrom versions prior to 1.3.5, which stems from improper application cryptographic signature validation that fails to detect event data with invalid...
Dell EMC PowerStore Data Forgery Vulnerability
Dell EMC PowerStore is a storage device from Dell, Inc. A data forgery vulnerability exists in Dell EMC PowerStore versions prior to 3.5, which stems from the inclusion of incorrect cryptographic signature validation, and can be exploited by an attacker to trick an elevated privilege user...
Schneider Electric EcoStruxure Operator Terminal Expert Data Forgery Vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...
PT-2021-24353 · Amazon Web Services · Aws Encryption Sdk For Java
Name of the Vulnerable Software and Affected Versions: AWS Encryption SDK for Java versions 2.0.0 through 2.2.0; AWS Encryption SDK for Java versions less than 1.9.0. Description: The issue concerns the incorrect validation of some invalid ECDSA signatures. This affects the integrity of the...
CVE-2018-18689
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected...
VulnCheck KEV: CVE-2020-1464
Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files...
USN-4365-1 bind9 vulnerabilities
Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. CVE-2020-8616 Tobias...
DEBIAN-CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
DEBIAN-CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging...