335 matches found
Improper Verification Of Cryptographic Signature
node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...
CVE-2026-0234
CVE-2026-0234 affects Cortex XSOAR and Cortex XSIAM in the Microsoft Teams integration. The vulnerability arises from improper verification of cryptographic signatures, allowing an unauthenticated actor to access and modify protected resources. Technical details in PT-Security and vendor advisori...
CVE-2026-35622
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...
Improper Verification of Cryptographic Signature
Overview bsv-wallet is an Implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...
Security Bulletin: Signature Verification Bypass Vulnerability in auth0/node-jws (HS256, ≤ v3.2.2 & v4.0.0) affects watsonx.data
Summary A vulnerability in auth0/node-jws allows attackers to bypass signature verification when using the HS256 algorithm under certain conditions. The issue occurs when applications rely on user-controlled data for HMAC secret lookup during verification. This can affect watsonx.data...
CVE-2026-34377
ZEBRA (Zcash node, Zebra) contains a consensus-failure vulnerability in its handling of V5 transactions. Before zebrad v4.3.0 and zebra-consensus v5.0.1, a logic error in the transaction verification cache could let a malicious miner craft a block with an invalid authorization data set but a matc...
Improper Verification of Cryptographic Signature
Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification. An attacker can bypass signature verification and inject forged signatures by...
Improper Verification of Source of a Communication Channel
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the JavascriptInterface bridge in WebView when processing pages from untrusted origins. An attacker can execute arbitrary co...
GHSA-WVQX-V3F6-W8RH jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...
CVE-2026-4600
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...
Siemens APE1808 Improper Verification of Source of a Communication Channel (CVE-2025-62439)
An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...
Improper Verification of Cryptographic Signature
Overview github.com/russellhaering/goxmldsig is a XML Digital Signatures implemented in pure Go. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the validateSignature function in the validate.go file. An attacker can bypass integrity...
Improper Verification of Cryptographic Signature
Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JsonWebSignature.preparealgorithmkey method in authlib/jose/rfc7515/jws.py. An attacker can bypass authenticatio...
EUVD-2026-12293
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...
CVE-2026-20997
Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...
CVE-2026-20989
EUVD-2026-12295 and PT-2026-25594 describe improper verification of cryptographic signatures in Font Settings prior to SMR Mar-2026 Release 1, allowing physical attackers to load a custom font. Root cause: insufficient signature verification for font assets. The NC SC advisory confirms Google And...