11 matches found
CVE-2026-9058
Szafir SDK returns a success status code from the cryptographic digital signature verification process i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified" even when the trust status of the signer's certificate could not be established i.e...
CVE-2026-9058 Improper Certificate Verification in Szafir SDK
Szafir SDK returns a success status code from the cryptographic digital signature verification process i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified" even when the trust status of the signer's certificate could not be established i.e...
CVE-2026-9058
The Szafir SDK is affected by an improper certificate verification issue where the verification process returns success (Result/@code == 0) even when the signer certificate trust status is nondetermined. This leads consuming applications to treat signatures as valid despite an unverified certific...
CVE-2026-9058 Improper Certificate Verification in Szafir SDK
Szafir SDK returns a success status code from the cryptographic digital signature verification process i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified" even when the trust status of the signer's certificate could not be established i.e...
CVE-2026-26927
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...
EUVD-2026-18228
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...
CVE-2026-26927
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...
CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...
CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...
CVE-2026-26927
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...
Krajowa Izba Rozliczeniowa Szafir SDK Web 安全漏洞
Krajowa Izba Rozliczeniowa Szafir SDK Web is a development toolkit for electronic signatures and identity authentication provided by the Polish company Krajowa Izba Rozliczeniowa. Versions of Krajowa Izba Rozliczeniowa Szafir SDK Web prior to 0.0.17.4 contained security vulnerabilities. These...