Lucene search
K

335 matches found

OSV
OSV
added 2026/02/17 9:29 p.m.7 views

GHSA-7V42-G35V-XRCH Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass

Impact An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison: rust if matches!digest, expecteddigest treated expecteddigest as a pattern binding rather than a value comparison,...

7.5CVSS5.6AI score0.00162EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/17 12:3 p.m.4 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sjcl is a Stanford Javascript Crypto Library Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key b...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

WordPress plugin Videospirecore Theme Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00316EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/10 3:39 p.m.24 views

CVE-2025-62439

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

4.2CVSS0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/27 8:43 a.m.4 views

EUVD-2026-4759

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules. This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media:...

5.3CVSS5.9AI score0.00341EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/22 3:45 a.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the VerifyDelegate function. An attacker in control of a compromised TUF repository can bypass signature validation and modify metadata files by setting the signature threshold to 0...

8.2CVSS5.5AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 4:13 p.m.4 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys. Remediatio...

8.7CVSS6AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 4:13 p.m.3 views

Improper Verification of Cryptographic Signature

Overview sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the SM2 signature verification process. An attacker can create a new valid signature for a previously signed message by manipulating an existing signature...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/20 8:55 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...

9.8CVSS5.8AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 4:16 p.m.6 views

CVE-2025-36418

IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

9.8CVSS0.0015EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/10 6:53 a.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the VerifyBundle function in the verify.go file. An attacker can bypass artifact integrity checks by crafting a bundle that includes any arbitrary Rekor entry, allowing successful...

6.8CVSS6.9AI score0.00077EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.13 views

CVE-2021-22448

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files...

9.1CVSS6.9AI score0.00727EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.7 views

CVE-2021-22472

There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS6.9AI score0.00672EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/16 12:43 a.m.3 views

Improper Verification of Cryptographic Signature

Overview altcha-lib is an A library for creating and verifying ALTCHA challenges for Node.js, Bun and Deno. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 12:43 a.m.6 views

Improper Verification of Cryptographic Signature

Overview altcha is a The ALTCHA Python Library is a lightweight, zero-dependency library designed for creating and verifying ALTCHA challenges, specifically tailored for Python applications. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via t...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 12:43 a.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/12/16 12:0 a.m.8 views

Fortinet FortiWeb ApacheCookie_parse Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Fortinet FortiWeb. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ApacheCookieparse method. The issue results from the lack of proper verification of...

8.1CVSS7AI score0.07492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.5 views

CVE-2025-64786

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited...

4CVSS6.5AI score0.00379EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/10 12:0 a.m.5 views

Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is...

7.8CVSS6.7AI score0.00494EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/04 4:54 p.m.7 views

Improper Verification of Cryptographic Signature

Overview jws is an Implementation of JSON Web Signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the createVerify function when using HS256 HMAC algorithms and incorporating user-provided data from the JSON Web Signature Protected...

8.2CVSS6.9AI score0.002EPSS
Exploits1References2
Rows per page
Query Builder