Lucene search
K

79 matches found

IBM Security Bulletins
IBM Security Bulletins
added 4 days ago25 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System

Summary Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to...

8.8CVSS7.7AI score0.01163EPSS
Exploits0Affected Software2
EUVD
EUVD
added 2026/06/29 3:19 p.m.6 views

EUVD-2026-40126

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS5.8AI score0.00083EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0003EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0003EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...

9.3CVSS5.8AI score0.0003EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 8:46 p.m.6 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature...

8.2CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/15 6:30 p.m.5 views

GHSA-GQX7-6552-67HF Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ripukidpenc and uripukidpsig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge respons...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/15 6:30 p.m.13 views

Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ripukidpenc and uripukidpsig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge respons...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:29 a.m.6 views

CVE-2026-5050

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successfulrequest handlers calculating a local signature but not validating DsSignature from the request before...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/13 9:31 a.m.7 views

EUVD-2026-21899

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

9.2CVSS5.8AI score0.00236EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.4 views

Palo Alto Networks Cortex XSOAR 安全漏洞

Palo Alto Networks Cortex XSOAR is an application software developed by Palo Alto Networks in the United States. It provides a security orchestration, automation, and response platform, along with threat intelligence management and a built-in marketplace. There are security vulnerabilities in Pal...

9.2CVSS7.3AI score0.00236EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/08 12:17 a.m.5 views

Improper Verification of Cryptographic Signature

Overview lightrag-hku is a LightRAG: Simple and Fast Retrieval-Augmented Generation Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the validatetoken function. An attacker can gain unauthorized access to protected resources by crafting a JWT...

9.3CVSS5.8AI score0.00154EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 9:11 p.m.5 views

Improper Verification of Cryptographic Signature

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

8.8CVSS5.9AI score
Exploits0References2
Veracode
Veracode
added 2026/03/28 5:31 a.m.6 views

Privilege Escalation

Signify is vulnerable to Privilege Escalation. The vulnerability is due to improper Authenticode signature validation in signeddata.py and context.py, where a remote attacker can escalate privileges via these components and exploit the vulnerability to gain elevated access...

8.8CVSS6AI score0.00343EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.7 views

PT-2026-25873

Name of the Vulnerable Software and Affected Versions sjcl affected versions not specified Description The software is susceptible to an Improper Verification of Cryptographic Signature issue due to missing point-on-curve validation within the sjcl.ecc.basicKey.publicKey function. An attacker can...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25602

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

5.3CVSS5.9AI score0.00256EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

Adobe Reader < 25.001.21288 Multiple Vulnerabilities (APSB26-26) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 25.001.21288. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could resul...

7.8CVSS6.4AI score0.00352EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.4 views

SUSE CVE-2026-3338

Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/05 8:23 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature...

7.5CVSS5.4AI score0.002EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2026/01/22 3:45 a.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the VerifyDelegate function. An attacker in control of a compromised TUF repository can bypass signature validation and modify metadata files by setting the signature threshold to 0...

8.2CVSS5.5AI score0.00196EPSS
Exploits0References2
Rows per page
Query Builder