
14 matches found

Cvelist
added 4 days ago, 31 views

CVE-2026-13742 Lack of signature verification before execution of downloaded content

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of a downloaded file with a malicious one. Honeywell also recommends...

5.8 CVSS, 0.00083 EPSS
Exploits 0, References 1
Github Security Blog
added 2026/04/14 12:4 a.m., 22 views

MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

8.8 CVSS, 6 AI score, 0.00418 EPSS
Exploits 0, References 5, Affected Software 1
NVD
added 2026/03/06 7:16 a.m., 6 views

CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...

9.8 CVSS, 0.00425 EPSS
Exploits 1, References 12
CNNVD
added 2025/12/10 12:0 a.m., 4 views

Security vulnerability in multiple Aqara products

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from a failure to verify signatures during firmware updates, which could lead to the installation of malicious firmware. The following products and...

8.1 CVSS, 6.6 AI score, 0.002 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/11/14 12:0 a.m., 2 views

JetBrains ReSharper < 2025.2.4 Local Privilege Escalation (CVE-2025-64456)

The version of JetBrains ReSharper installed on the remote host is prior to 2025.2.4, and is, therefore, affected by a local privilege escalation vulnerability: - In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation. CVE-2025-644...

8.4 CVSS, 5.5 AI score, 0.00077 EPSS
Exploits 0, References 2
CISA KEV Catalog
added 2025/10/14 12:0 a.m., 12 views

IGEL OS Use of a Key Past its Expiration Date Vulnerability

IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image...

4.6 CVSS, 6.9 AI score, 0.03817 EPSS
In wild, Exploits 2
RedhatCVE
added 2025/05/22 6:44 p.m., 7 views

CVE-2021-40045

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality...

5.5 CVSS, 6.9 AI score, 0.00152 EPSS
Exploits 0
RedHat Linux
added 2024/08/27 8:59 a.m., 6 views

libreoffice: Ability to trust not validated macro signatures removed in high security mode

A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...

7.8 CVSS, 5.7 AI score, 0.00238 EPSS
Exploits 0, References 5
SUSE CVE
added 2023/02/15 5:55 a.m., 3 views

SUSE CVE-2011-0025

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source...

6.8 CVSS, 7.3 AI score, 0.02578 EPSS
Exploits 0, References 4
CNVD
added 2018/11/15 12:0 a.m., 4 views

Microsoft Windows Security Feature Bypass Vulnerability (CNVD-2019-02774)

Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. A security feature bypass vulnerability exists in Microsoft Windows. The vulnerability stems from Windows failing to properly verify kernel driver signatures. An attacker could...

5.5 CVSS, 7.1 AI score, 0.01184 EPSS
Exploits 0, References 1
CNVD
added 2017/03/31 12:0 a.m., 5 views

go-jose signature obfuscation vulnerability

go-jose is a standard method for implementing JavaScript object signing and encryption. A security vulnerability exists in go-jose because the program fails to verify the validity of the signature. An attacker could exploit the vulnerability to read unauthorized data...

7.5 CVSS, 7.4 AI score, 0.01967 EPSS
Exploits 0, References 1
OSV
added 2016/10/13 2:59 p.m., 4 views

CVE-2016-4407

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...

6.5 CVSS, 5.9 AI score, 0.00956 EPSS
Exploits 0, References 3
ALT Linux
added 2009/04/30 12:0 a.m., 22 views

Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1

April 30, 2009 Afanasov Dmitry 2.6.6-alt1 - 2.6.6 release. + fix Corrected double free on signature verification failure CVE-2009-1415 + fix DSA key generation CVE-2009-1416 + fix gnutls-cli expiration/activation time check CVE-2009-1417 - release fixes 19873 also...

7.5 CVSS, 7.1 AI score, 0.07922 EPSS
Exploits 9
OSV
added 2009/01/15 5:30 p.m., 4 views

DEBIAN-CVE-2009-0127

M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to...

5 CVSS, 7 AI score, 0.01379 EPSS
Exploits 1, References 1