Lucene search
K

18 matches found

Snyk
Snyk
added 2026/04/28 6:17 p.m.3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...

9.3CVSS5.9AI score0.00298EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/26 10:4 p.m.5 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the ed25519.verify function. An attacker can bypass authentication and authorization logic by submitting forged non-canonical...

8.7CVSS5.9AI score0.00348EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/20 1:9 p.m.12 views

CVE-2025-31355

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

7.2CVSS0.0028EPSS
Exploits0References1
Talos
Talos
added 2025/08/20 12:0 a.m.12 views

Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability

Talos Vulnerability Report TALOS-2025-2161 Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability August 20, 2025 CVE Number CVE-2025-31355 SUMMARY A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A...

9.8CVSS7.2AI score0.0028EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:52 p.m.9 views

CVE-2020-13178

A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process...

6.7CVSS7.3AI score0.00235EPSS
Exploits0
Veracode
Veracode
added 2025/02/24 1:41 p.m.4 views

Authentication Bypass

CIE.AspNetCore.Authentication is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation due to a flaw in the handling of SAML assertions, allowing an attacker to inject a signed element that bypasses verification and enables impersonation of any Spid or CIE...

9.1CVSS6.9AI score0.0056EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/19 5:2 p.m.5 views

keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS5.8AI score0.0203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/19 4:43 p.m.72 views

keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS5.8AI score0.0203EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.6 views

PT-2024-12178 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on Windows versions prior to 4.2.0.190 Description: The issue is related to an improper validation of signature, allowing an authenticated user to disable anti-tampering. Recommendations: For versions prior to...

6.5CVSS7AI score0.00188EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/17 12:0 a.m.5 views

FreeFrom Security Vulnerabilities

FreeFrom is an application from FreeFrom, Inc. dedicated to bringing privacy and free speech back to SNSs. A security vulnerability exists in FreeFrom versions prior to 1.3.5, which stems from improper application cryptographic signature validation that fails to detect event data with invalid...

5.3CVSS6.8AI score0.00257EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/06/22 12:0 a.m.4 views

Dell EMC PowerStore 数据伪造问题漏洞

Dell EMC PowerStore is a storage device from Dell, Inc. A data forgery issue vulnerability exists in Dell EMC PowerStore versions prior to 3.5, which stems from the inclusion of incorrect cryptographic signature validation, and can be exploited by an attacker to trick an elevated privilege user...

7.8CVSS7.3AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert 数据伪造问题漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...

7.8CVSS7.6AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/06/01 12:0 a.m.8 views

PT-2021-24353 · Amazon Web Services · Aws Encryption Sdk For Java

Name of the Vulnerable Software and Affected Versions: AWS Encryption SDK for Java versions 2.0.0 through 2.2.0 AWS Encryption SDK for Java versions less than 1.9.0 Description: The issue concerns the incorrect validation of some invalid ECDSA signatures. This affects the integrity of the...

6.9CVSS7.4AI score0.0021EPSS
Exploits0References12
OSV
OSV
added 2021/01/07 6:15 p.m.5 views

CVE-2018-18689

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected...

5.3CVSS5.6AI score0.03688EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2020/08/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-1464

Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files...

7.8CVSS6.9AI score0.41131EPSS
Exploits1References1
OSV
OSV
added 2020/05/19 11:43 a.m.4 views

USN-4365-1 bind9 vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. CVE-2020-8616 Tobias...

8.6CVSS6.8AI score0.93422EPSS
Exploits6References3
OSV
OSV
added 2019/11/07 8:15 p.m.1 views

DEBIAN-CVE-2019-3465

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...

8.8CVSS7.3AI score0.03024EPSS
Exploits0References1
OSV
OSV
added 2017/02/17 2:59 a.m.3 views

DEBIAN-CVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...

9.1CVSS8.9AI score0.02424EPSS
Exploits0References1
Rows per page
Query Builder