Lucene search
K

924 matches found

NVD
NVD
added yesterday4 views

CVE-2026-47304

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday4 views

.NET Security Feature Bypass Vulnerability

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58698

Name of the Vulnerable Software and Affected Versions .NET versions prior to 8.0.29 .NET versions prior to 9.0.18 .NET versions prior to 10.0.10 Description Improper verification of cryptographic signatures allows an unauthenticated attacker to remotely bypass security protections over a network...

8.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-22097 Missing firmware validation allows remote code execution

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-9027

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS0.00222EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-9027 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Improper Verification of Cryptographic Signature to Payment Bypass via /wp-json/corvuspay/success/ REST Endpoint

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS0.00222EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/07 11:11 a.m.32 views

CVE-2026-11348 Authentication Bypass in HAVELSAN's Open Source Project Liman MYS

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 11:11 a.m.11 views

CVE-2026-11348

The CVE-2026-11348 vulnerability affects HAVELSAN Liman MYS (before release.Master.1107) and is caused by improper verification of a cryptographic signature. The entry indicates a remote attack vector (Network) with high impact across confidentiality, integrity, and availability (CVSS v3.1: 8.1, ...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 11:11 a.m.6 views

EUVD-2026-42034

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 11:11 a.m.8 views

CVE-2026-11348

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to ambiguity in the HMAC validation of signed URLs used for artifact access. An attacker can gain unauthorized read access to artifacts across repositories and write to upload-state...

9.6CVSS6AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.9 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the cookie parsing process. An attacker can cause unauthorized cookies to be set and transmitted to unrelated third-party domains by crafting HTTP responses that exploit improper doma...

9.1CVSS5.9AI score0.00649EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/02 6:35 p.m.7 views

EUVD-2026-41419

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 6:35 p.m.31 views

CVE-2026-13743

CVE-2026-13743 affects CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20. The issue is an improper verification of cryptographic signatures that allows an attacker with physical access to upload arbitrary malicious firmware without authentication. Per the sources, impact includes ...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/01 7:58 p.m.6 views

Improper Verification of Cryptographic Signature

Overview sigstore is a code-signing for npm packages Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required certificate extensi...

8.7CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:58 p.m.2 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sigstore is a code-signing for npm packages Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required...

8.7CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/07/01 3:16 p.m.10 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 1:45 p.m.24 views

CVE-2026-13602

The CVE-2026-13602 issue describes a session‑takeover chain affecting multiple payment integration plugins (Stripe, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, pretix-saferpay) and core features. A code path transports session parameters via URL b...

9.4CVSS6AI score0.00239EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Rows per page
Query Builder