Lucene search
K

916 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-9027

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS0.00222EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-9027 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Improper Verification of Cryptographic Signature to Payment Bypass via /wp-json/corvuspay/success/ REST Endpoint

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS0.00222EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-11348 Authentication Bypass in HAVELSAN's Open Source Project Liman MYS

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS0.00185EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-11348

The CVE-2026-11348 vulnerability affects HAVELSAN Liman MYS (before release.Master.1107) and is caused by improper verification of a cryptographic signature. The entry indicates a remote attack vector (Network) with high impact across confidentiality, integrity, and availability (CVSS v3.1: 8.1, ...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42034

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to ambiguity in the HMAC validation of signed URLs used for artifact access. An attacker can gain unauthorized read access to artifacts across repositories and write to upload-state...

9.6CVSS6AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.7 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the cookie parsing process. An attacker can cause unauthorized cookies to be set and transmitted to unrelated third-party domains by crafting HTTP responses that exploit improper doma...

9.1CVSS5.9AI score0.00649EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/02 6:35 p.m.7 views

EUVD-2026-41419

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 6:35 p.m.30 views

CVE-2026-13743

CVE-2026-13743 affects CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20. The issue is an improper verification of cryptographic signatures that allows an attacker with physical access to upload arbitrary malicious firmware without authentication. Per the sources, impact includes ...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:16 p.m.9 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 1:45 p.m.23 views

CVE-2026-13602

The CVE-2026-13602 issue describes a session‑takeover chain affecting multiple payment integration plugins (Stripe, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, pretix-saferpay) and core features. A code path transports session parameters via URL b...

9.4CVSS6AI score0.00239EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 8:46 p.m.5 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature...

8.9CVSS6AI score0.0015EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/06/10 12:0 a.m.2 views

The vulnerabilities of the GOMODPROXY and GOSUMDB modules in the Go programming language allow attackers to circumvent security restrictions and gain access to read and modify data.

The vulnerability of GOMODPROXY and GOSUMDB modules written in the Go programming language is related to improper verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain access to read and modify data...

7.6CVSS5.8AI score0.00231EPSS
Exploits0References6Affected Software2
Redos
Redos
added 2026/06/08 12:0 a.m.13 views

ROS-20260608-73-0003

The vulnerability of the ASP.NET Core software platform is related to errors in checking the cryptographic signature. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...

9.1CVSS5.5AI score0.11205EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-33467

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

5.9CVSS5.4AI score0.00124EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 4:24 p.m.13 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the getsignedcookie function. An attacker can access data intended for a different context by crafting distinct name, salt pairs that result in the same concatenated value. Remediation...

4.8CVSS5.5AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder