15 matches found
E-Signature Security Checklist Before Selecting an E-Signature Tool
Electronic signature security starts before the first document is sent. A company needs to know how files are…...
Krajowa Izba Rozliczeniowa Szafir SDK 安全漏洞
Krajowa Izba Rozliczeniowa Szafir SDK is an electronic signature development kit from Krajowa Izba Rozliczeniowa, Poland. A security vulnerability exists in the Krajowa Izba Rozliczeniowa Szafir SDK that stems from the cryptographic digital signature verification process returning a success statu...
Tap&Sign cross-site scripting vulnerabilities
Tap&Sign is a user-friendly and legally binding electronic signature solution provided by Tap&Sign Corporation. Versions of Tap&Sign prior to 23012026 contained a cross-site scripting vulnerability, which was caused by improper input handling and could lead to cross-site scripting attacks...
QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials
FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...
EUVD-2025-24062
Malicious code in bioql PyPI...
CVE-2025-8775
A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...
CVE-2025-8775
A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...
CVE-2025-8775
The CVE-2025-8775 affects Qiyuesuo Eelectronic Signature Platform versions up to 4.34. The vulnerability is in the execute function of /api/code/upload within the Scheduled Task Handler; manipulating the File argument enables unrestricted file uploads and could be exploited remotely. The exploit ...
Qiyuesuo Eelectronic Signature Platform 代码问题漏洞
Qiyuesuo Eelectronic Signature Platform is an e-signature and e-contract management platform from China Contract Lock Qiyuesuo. A code issue vulnerability exists in Qiyuesuo Eelectronic Signature Platform version 4.34 and earlier, which stems from improper handling of the parameter File in...
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” allows a perpetrator to execute arbitrary code.
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” allows a perpetrator to disclose information about the user’s name.
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, acting remotely, to disclose informatio...
Электронная Подпись за 9 минут - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Электронная Подпись за 9 минут published at the 'play' market has multiple vulnerabilities...
Microsec e-Szigno XML Digital Signature Forgery Security Bypass Vulnerability
Microsec e-Szigno is a suite of electronic signature authentication applications. Microsec e-Szigno does not validate the signature of specially crafted XML files, allowing attackers to bypass XML digital signature validation by performing man-in-the-middle attacks to forge XML file content and...
Threat Outbreak Alert RuleID14867: Email Messages Distributing Malicious Software on April 23, 2015
Medium Alert ID: 38509 First Published: 2015 April 23 17:13 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID14867 may contain the following files: Name | Si...
SigPlus Pro ActiveX Control < 4.29 Multiple Vulnerabilities
The SigPlus Pro ActiveX control, used for electronic signature integration with Topaz signature pads and installed on the remote Windows host, is earlier than 4.29. Such versions reportedly are affected by the following vulnerabilities : - The 'SetLogFilePath' method allows creation of a log file...