Lucene search
K

977 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:9 p.m.8 views

CVE-2018-18688

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

5.3CVSS6.5AI score0.01133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.6 views

CVE-2022-26766

A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation...

5.5CVSS5.5AI score0.02661EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.8 views

CVE-2019-20834

An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures...

7.5CVSS7AI score0.01004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.13 views

CVE-2024-39698

electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...

7.5CVSS7.1AI score0.00336EPSS
Exploits1References1
OSV
OSV
added 2025/12/17 5:15 p.m.7 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

6.6CVSS6.3AI score0.00085EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.9 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS6.8AI score0.002EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/11 12:30 a.m.4 views

EUVD-2025-202637

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS6.3AI score0.002EPSS
Exploits1References2
NVD
NVD
added 2025/12/10 10:16 p.m.6 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS0.002EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.5 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS5.8AI score0.002EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.19 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

0.002EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.5 views

PT-2025-50544

Name of the Vulnerable Software and Affected Versions Aqara Hub versions 4.1.9 0027, 4.3.6 0027, and 4.3.6 0025 Description The Aqara Hub firmware update process has flaws that could allow attackers to install malicious firmware without proper verification. The device does not validate firmware...

8.1CVSS6.5AI score0.002EPSS
Exploits1References5
Snyk
Snyk
added 2025/12/09 3:40 a.m.9 views

Uncaught Exception

Overview robrichards/xmlseclibs is a PHP library for XML Security. Affected versions of this package are vulnerable to Uncaught Exception in the form of improper handling of canonicalization failures. An attacker can bypass signature or digest validation by submitting specially crafted invalid XM...

7.5CVSS6.9AI score0.00218EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/09 2:41 a.m.5 views

EUVD-2025-201790

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

6CVSS6.5AI score0.00218EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Ivanti Endpoint Manager 数据伪造问题漏洞

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti USA. A data forgery issue vulnerability exists in versions prior to Ivanti Endpoint Manager 2024 SU4 SR1 that stems from improper cryptographic signature validation and could lead to remote code execution...

7.8CVSS7.7AI score0.00475EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.12 views

Fortinet FortiWeb 数据伪造问题漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A data forgery vulnerability exists in...

9.8CVSS8AI score0.2367EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/03 9:6 a.m.8 views

Improper Input Validation

github.com/consensys/gnark-crypto is vulnerable to Improper Input Validation. The vulnerability is due to missing range checks during deserialization of ECDSA and EdDSA signature values, which allows an attacker to craft signatures with zero or out-of-range inputs that can trigger a null pointer...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.10 views

CVE-2025-66255

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9CVSS7.8AI score0.00331EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/27 12:30 a.m.6 views

EUVD-2025-199778

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...

6.3AI score0.00143EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/26 3:30 a.m.4 views

EUVD-2025-199677

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9CVSS7.8AI score0.00331EPSS
Exploits1References2
NVD
NVD
added 2025/11/26 1:16 a.m.12 views

CVE-2025-66255

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9CVSS0.00331EPSS
Exploits1References1
Rows per page
Query Builder