Lucene search

13 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in node-elliptic

The verify function in lib/elliptic/eddsa/index.js within the Elliptic package, as of version 6.5.6 for Node.js, omits the validation of the condition “sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()”...

CVSS: 9.1 | AI score: 6.3 | EPSS: 0.00292
Exploits: 0 | References: 2
EUVD
added 2026/03/27 3:30 p.m. | 3 views

EUVD-2026-16632

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs 'MediaUrlN' parameters using HTTP requests that include the integration's Twilio credentials in the 'Authorization'...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.00008
Exploits: 0 | References: 2
CVE
added 2026/03/21 3:26 a.m. | 6 views

CVE-2026-3641

The Appmax WordPress plugin (up to version 1.0.3) exposes a public REST API webhook at /webhook-system that lacks webhook signature verification or authentication. The plugin directly processes untrusted input from the 'event' and 'data' parameters, enabling unauthenticated attackers to alter Woo...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00149
Exploits: 0 | References: 9
RedhatCVE
added 2025/11/27 12:58 a.m. | 4 views

CVE-2025-66255

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

CVSS: 9.9 | AI score: 7.8 | EPSS: 0.00377
Exploits: 1 | References: 1
EUVD
added 2025/11/26 3:30 a.m. | 1 view

EUVD-2025-199677

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

CVSS: 9.9 | AI score: 7.8 | EPSS: 0.00377
Exploits: 1 | References: 2
Cvelist
added 2025/11/26 12:39 a.m. | 4 views

CVE-2025-66255 Unauthenticated Arbitrary File Upload (upgrade_contents.php)

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

CVSS: 9.9 | EPSS: 0.00377
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-10404

Malware in sbrugna...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00002
Exploits: 0 | References: 5
CNNVD
added 2025/09/26 12:0 a.m. | 2 views

formbricks data forgery vulnerability

formbricks is an open source survey system from Formbricks. A data forgery issue vulnerability exists in versions prior to formbricks 4.0.1 that stems from a lack of JWT signature validation, which could lead to arbitrary JWT forgery and password resets...

CVSS: 9.4 | AI score: 6.9 | EPSS: 0.00028
Exploits: 1 | References: 5
Tenable Nessus
added 2025/08/26 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-45193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). Th...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00077
Exploits: 1 | References: 3
OSV
added 2024/08/22 4:15 p.m. | 0 views

UBUNTU-CVE-2024-45193

An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00077
Exploits: 1 | References: 6
VulnCheck KEV
added 2023/09/07 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2023-4666

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.75684
Exploits: 3 | References: 1
OSV
added 2021/12/30 10:15 p.m. | 4 views

CVE-2021-20156

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if i...

CVSS: 6.5 | AI score: 5.7
Exploits: 0 | References: 1
OSV
added 2017/07/25 2:29 p.m. | 2 views

CVE-2017-9457

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00096
Exploits: 0 | References: 3