Lucene search
K

335 matches found

Veracode
Veracode
added 2026/04/16 5:10 a.m.13 views

Improper Verification Of Cryptographic Signature

node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...

7.5CVSS5.7AI score0.00339EPSS
Exploits0References21Affected Software1
Snyk
Snyk
added 2026/04/15 10:13 a.m.9 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00392EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 10:13 a.m.10 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00392EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 10:13 a.m.8 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00392EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 10:13 a.m.13 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00392EPSS
Exploits0References3
CVE
CVE
added 2026/04/13 7:15 a.m.32 views

CVE-2026-0234

CVE-2026-0234 affects Cortex XSOAR and Cortex XSIAM in the Microsoft Teams integration. The vulnerability arises from improper verification of cryptographic signatures, allowing an unauthenticated actor to access and modify protected resources. Technical details in PT-Security and vendor advisori...

9.2CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2026/04/09 10:16 p.m.2 views

CVE-2026-35622

OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...

7.1CVSS0.00293EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/09 7:11 p.m.7 views

Improper Verification of Cryptographic Signature

Overview bsv-wallet is an Implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...

8.6CVSS5.9AI score0.00135EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:41 a.m.6 views

Security Bulletin: Signature Verification Bypass Vulnerability in auth0/node-jws (HS256, ≤ v3.2.2 & v4.0.0) affects watsonx.data

Summary A vulnerability in auth0/node-jws allows attackers to bypass signature verification when using the HS256 algorithm under certain conditions. The issue occurs when applications rely on user-controlled data for HMAC secret lookup during verification. This can affect watsonx.data...

7.5CVSS5.8AI score0.002EPSS
Exploits1Affected Software1
CVE
CVE
added 2026/03/31 2:5 p.m.12 views

CVE-2026-34377

ZEBRA (Zcash node, Zebra) contains a consensus-failure vulnerability in its handling of V5 transactions. Before zebrad v4.3.0 and zebra-consensus v5.0.1, a logic error in the transaction verification cache could let a malicious miner craft a block with an invalid authorization data set but a matc...

8.4CVSS5.7AI score0.00255EPSS
Exploits1References3Affected Software2
Snyk
Snyk
added 2026/03/26 10:2 p.m.6 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification. An attacker can bypass signature verification and inject forged signatures by...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 7:30 p.m.4 views

Improper Verification of Source of a Communication Channel

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the JavascriptInterface bridge in WebView when processing pages from untrusted origins. An attacker can execute arbitrary co...

8.8CVSS6.2AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 2026/03/23 6:30 a.m.6 views

GHSA-WVQX-V3F6-W8RH jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS5.9AI score0.00225EPSS
Exploits1References6
NVD
NVD
added 2026/03/23 6:16 a.m.4 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS0.00225EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.3 views

Siemens APE1808 Improper Verification of Source of a Communication Channel (CVE-2025-62439)

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

4.2CVSS6.1AI score0.00138EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/18 8:18 p.m.3 views

Improper Verification of Cryptographic Signature

Overview github.com/russellhaering/goxmldsig is a XML Digital Signatures implemented in pure Go. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the validateSignature function in the validate.go file. An attacker can bypass integrity...

8.7CVSS5.8AI score0.00299EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 8:51 p.m.4 views

Improper Verification of Cryptographic Signature

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JsonWebSignature.preparealgorithmkey method in authlib/jose/rfc7515/jws.py. An attacker can bypass authenticatio...

9.3CVSS5.8AI score0.00548EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12293

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...

6.8CVSS5.8AI score0.00082EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 4:32 a.m.3 views

CVE-2026-20997

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

5.3CVSS5.9AI score0.00256EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 4:31 a.m.23 views

CVE-2026-20989

EUVD-2026-12295 and PT-2026-25594 describe improper verification of cryptographic signatures in Font Settings prior to SMR Mar-2026 Release 1, allowing physical attackers to load a custom font. Root cause: insufficient signature verification for font assets. The NC SC advisory confirms Google And...

5.1CVSS5.8AI score0.0011EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder