Privilege Escalation

Signify is vulnerable to Privilege Escalation. The vulnerability is due to improper Authenticode signature validation in signeddata.py and context.py, where a remote attacker can escalate privileges via these components and exploit the vulnerability to gain elevated access...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

SUSE CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

GHSA-P4HH-MQ57-GQ8X Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

dnv-f2at-helpers (>=0.1.4 <=0.1.5), dnv-oneworkflow (>=1.0.0.1421 <=1.1.2) +3 more potentially affected by CVE-2025-70887 via signify (>=0.4.0 <=0.7.1)

signify PYPI version =0.4.0, =0.1.4, =1.0.0.1421, =5.16.0.124, =1.1.0, =0.1.0, =1.2.1 Source cves: CVE-2025-70887 Source advisory: OSV:GHSA-P4HH-MQ57-GQ8X...

EUVD-2025-209004

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

PT-2026-28087

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed data.py and the context.py components...

Signify 安全漏洞

Signify is a digital code signing verification and inspection tool developed by Ralph Broenink. Versions of Signify prior to 0.9.2 contained security vulnerabilities. These vulnerabilities were caused by issues with the signeddata.py and context.py components, which could allow remote attackers t...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

CVE-2025-70887

The CVE-2025-70887 entry concerns the Signify project by ralphje, vulnerable in versions before v.0.9.2. The issue affects the signed_data.py and context.py components, enabling a remote attacker to escalate privileges. Public details in connected documents confirm the vulnerable component/files ...

EUVD-2026-0937

Malicious code in @signify/vue-components npm...

MAL-2026-45 Malicious code in @signify/vue-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff7ae41abedc64bde81c60772d7adf7e58c51a651ce76e0684c0ea713fe130d The package @signify/vue-components was found to contain malicious code. Source: ghsa-malware...

Malicious code in @signify/vue-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff7ae41abedc64bde81c60772d7adf7e58c51a651ce76e0684c0ea713fe130d The package @signify/vue-components was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-29638

Malicious code in bioql PyPI...

CVE-2025-56562

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address...

CVE-2025-56562

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address...

CVE-2025-56562

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address...