Improper Verification of Source of a Communication Channel

Overview Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper validation in the validateToken function. An attacker can cause the server to treat unvalidated client addresses as validated by supplying any non-empty token...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the discovery document retrieval process via uripukidpenc and uripukidpsig properties. An attacker can intercept and modify the TLS connection to substitute a forged discovery document...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the discovery document retrieval process via uripukidpenc and uripukidpsig properties. An attacker can intercept and modify the TLS connection to substitute a forged discovery document...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify process. An attacker can cause trust confusion by submitting a commit object with duplicate tree headers, resulting in different interpretations between git-core and go-git,...

CVE-2024-36334

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the correctlySpends process. An attacker can bypass output verification by supplying a crafted signature and public key pair, allowing unauthorized transaction validation. Remediation...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...

Improper Verification of Source of a Communication Channel

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel in the sendEmail.json.php process. An attacker can send emails appearing to originate from the site's...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the cryptographic signature verification process. An attacker can cause the acceptance of tampered packages by intercepting network traffic or influencing the contents served to a...

CVE-2026-33467

Elastic Package Registry is affected by CVE-2026-33467 due to improper verification of cryptographic signatures (CWE-347), enabling package integrity bypass for self-hosted deployments that sync from upstream. Affected versions: all up to and including 1.37.0. The issue can be exploited if an att...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the requireSignedTags process. An attacker can bypass signature verification by creating an unsigned annotated tag, which would be incorrectly accepted as valid. Remediation A fix was...

EUVD-2026-24249

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege...

Improper Verification

github.com/mattermost/mattermost-server is vulnerable to improper verification. The vulnerability is due to failure to validate that /share-issue-publicly post actions were created by the Jira plugin, which allows an attacker to exfiltrate Jira tickets by tricking victim users into interacting wi...

Improper Verification Of Cryptographic Signature

node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...