Privilege Escalation

Signify is vulnerable to Privilege Escalation. The vulnerability is due to improper Authenticode signature validation in signeddata.py and context.py, where a remote attacker can escalate privileges via these components and exploit the vulnerability to gain elevated access...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

SUSE CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

dnv-f2at-helpers (>=0.1.4 <=0.1.5), dnv-oneworkflow (>=1.0.0.1421 <=1.1.2) +3 more potentially affected by CVE-2025-70887 via signify (>=0.4.0 <=0.7.1)

signify PYPI version =0.4.0, =0.1.4, =1.0.0.1421, =5.16.0.124, =1.1.0, =0.1.0, =1.2.1 Source cves: CVE-2025-70887 Source advisory: OSV:GHSA-P4HH-MQ57-GQ8X...

Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

EUVD-2025-209004

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

GHSA-P4HH-MQ57-GQ8X Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

PT-2026-28087

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed data.py and the context.py components...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

Signify 安全漏洞

Signify is a digital code signing verification and inspection tool developed by Ralph Broenink. Versions of Signify prior to 0.9.2 contained security vulnerabilities. These vulnerabilities were caused by issues with the signeddata.py and context.py components, which could allow remote attackers t...

CVE-2025-70887

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

CVE-2025-70887

CVE-2025-70887 affects Ralphje Signify before v0.9.2. The issue enables privilege escalation via the signed_data.py and context.py components. Multiple sources (Red Hat, OSV, CVE lists) confirm the impact and link to a fix: update to Signify v0.9.2 or later. Public exploitation details are not pr...

EUVD-2026-0937

Malicious code in @signify/vue-components npm...

MAL-2026-45 Malicious code in @signify/vue-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff7ae41abedc64bde81c60772d7adf7e58c51a651ce76e0684c0ea713fe130d The package @signify/vue-components was found to contain malicious code. Source: ghsa-malware...

Malicious code in @signify/vue-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff7ae41abedc64bde81c60772d7adf7e58c51a651ce76e0684c0ea713fe130d The package @signify/vue-components was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-29638

Malicious code in bioql PyPI...

CVE-2025-56562

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address...

CVE-2025-56562

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address...

CVE-2025-56562

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address...