CVE-2026-21023

The vulnerability CVE-2026-21023 affects PackageManagerService prior to SMR Mar-2026 Release 1, enabling local attackers to modify installation restrictions on specific apps. Root cause: insufficient verification of data authenticity in PackageManagerService. Impact per the sources: trivial local...

PT-2026-25755

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

CVE-2025-15575 Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

EUVD-2025-198965

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

EUVD-2017-2765

Malware in sbrugna...

EUVD-2024-54362

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-23906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service DoS via a crafted audio file due to insufficient verification of data authenticity...

CVE-2025-8980

A vulnerability has been found in Tenda G1 16.01.7.83660. Affected by this issue is the function checkuploadfile of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is...

Tenda AC15 数据伪造问题漏洞

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol and is mainly designed for home network environment. Tenda AC15 is vulnerable to a data forgery issue, which stems from insufficient data authenticity...

CVE-2023-27748

BlackVue DR750-2CH LTE v.1.0122022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution...

CVE-2021-29655

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute...

CVE-2019-7229

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

CVE-2024-38392

Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code...

CVE-2024-38392

Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code...

CVE-2024-38392

Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code...

CVE-2024-38392

Pexip Infinity Connect before 1.13.0 has an integrity/authenticity flaw: during resource loading it does not perform sufficient authenticity checks, allowing a remote attacker to cause the application to execute untrusted code. The CVE-2024-38392 entry notes a high-severity, network-exploitable i...

CVE-2024-38392

Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code...

CVE-2023-23773

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...

ABB CP635 HMI Lack of encryption or authenticity checks against firmware binary files (CVE-2019-7229)

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: Utilization of USB/SD Card to flash the device and Remote provisioning process via ABB Panel Builder 600 over FTP. Neither of these transmission methods implements any form of encryption...