CWE-347
All CWE-347 CVEs (181)
This critical authentication bypass vulnerability in pac4j-jwt allows attackers with the server's RSA public key to forge JWT authentication tokens an...
Mar 4, 2026

CVE-2023-25574 is a critical authentication bypass vulnerability in jupyterhub-ltiauthenticator's LTI13Authenticator that fails to validate JWT signat...
Feb 25, 2025

CVE-2024-45409 is a critical authentication bypass vulnerability in the Ruby SAML library where SAML response signatures are not properly verified. Th...
Sep 10, 2024

xml-crypto versions 4.0.0 through 5.x have a critical signature validation bypass vulnerability. Attackers can forge XML signatures by replacing certi...
May 2, 2024

This vulnerability in ecdsautils allows attackers to forge ECDSA signatures by providing zero-value signatures that are always considered valid. This ...
May 6, 2022

CVE-2021-33885 allows remote unauthenticated attackers to send malicious data to B. Braun SpaceCom2 devices that will be accepted without cryptographi...
Aug 25, 2021

This vulnerability in Hyperledger Aries Cloud Agent Python (ACA-Py) allows attackers to present forged verifiable credentials and enables malicious ve...
Jan 11, 2024

This vulnerability in Fleet's Windows MDM enrollment flow allows attackers to bypass authentication by submitting forged JWT tokens that aren't proper...
Jan 21, 2026

The OAuth Single Sign On plugin for WordPress has a critical authentication bypass vulnerability. Unauthenticated attackers can forge JWT tokens to ga...
Oct 4, 2025

CVE-2025-8454 is a critical vulnerability in the uscan tool (part of devscripts) that allows attackers to bypass OpenPGP signature verification when u...
Aug 1, 2025

CVE-2025-25291 is an authentication bypass vulnerability in ruby-saml that allows attackers to bypass SAML single sign-on authentication via signature...
Mar 12, 2025

CVE-2025-27670 is a critical vulnerability in Vasion Print (formerly PrinterLogic) that allows attackers to bypass signature validation mechanisms. Th...
Mar 5, 2025

An XML signature wrapping vulnerability in GitHub Enterprise Server's SAML authentication allows attackers with network access to forge SAML responses...
Aug 20, 2024

This vulnerability in the CryptX Perl module allows attackers to bypass authentication and integrity checks in cryptographic operations. It affects ap...
Mar 18, 2024

This vulnerability in Rockwell Automation FactoryTalk Service Platform allows attackers to steal service tokens and use them to authenticate to other ...
Jan 31, 2024

This vulnerability in Studio Network Solutions ShareBrowser on macOS allows attackers to bypass signature verification, potentially enabling arbitrary...
Jan 17, 2024

CVE-2016-20021 is a critical vulnerability in Gentoo Portage's emerge-webrsync tool that fails to validate PGP signatures on downloaded code. This all...
Jan 12, 2024

This vulnerability allows remote attackers to gain root access to OMICRON StationGuard and StationScout systems by exploiting the update process with ...
Mar 23, 2023

This vulnerability in ConnectWise Control (formerly ScreenConnect) allows attackers to modify signed executable files without invalidating their digit...
Feb 13, 2023

Western Digital My Cloud devices running firmware before OS5 lack cryptographic signature verification for firmware updates, allowing attackers to upl...
Feb 6, 2023

CVE-2022-31206 allows attackers to upload and execute arbitrary machine code on Omron SYSMAC PLCs due to lack of cryptographic authentication for down...
Jul 26, 2022

CVE-2022-31053 is a critical authentication bypass vulnerability in Biscuit v1 tokens that allows attackers to forge valid gamma signatures, enabling ...
Jun 13, 2022

This vulnerability allows attackers to forge digital signatures on arbitrary messages due to missing non-zero validation in the Stark Bank ECDSA libra...
Nov 9, 2021

This vulnerability allows attackers to forge digital signatures on arbitrary messages by exploiting a missing non-zero check in the Stark Bank Java EC...
Nov 9, 2021

This vulnerability in the Stark Bank Python ECDSA library allows attackers to forge digital signatures on arbitrary messages due to missing validation...
Nov 9, 2021

CVE-2021-37160 is a critical firmware validation bypass vulnerability in Swisslog Healthcare Nexus Panel HMI3 Control Panel. It allows attackers to up...
Aug 2, 2021

This vulnerability in tEnvoy's NaCl signature verification allows attackers to forge signatures by providing any invalid signature that matches the SH...
Jun 16, 2021

This vulnerability in Apache Pulsar allows attackers to bypass JWT token authentication by using tokens with the 'none' algorithm, which are not prope...
May 26, 2021

CVE-2021-3406 is a critical vulnerability in Keylime versions 5.8.1 and older that breaks the cryptographic chain of trust from hardware endorsement k...
Feb 25, 2021

Linkr versions through 2.0.0 fail to verify the integrity of .linkr manifest files, allowing attackers to inject malicious file entries into package d...
Sep 16, 2025

This vulnerability allows attackers to bypass SAML authentication in Zscaler's identity provider implementation by exploiting improper cryptographic s...
Aug 5, 2025

This vulnerability allows unauthenticated attackers to upload malicious backup files to Quest KACE Systems Management Appliance due to weaknesses in s...
Jun 24, 2025

CVE-2023-28801 is an improper cryptographic signature verification vulnerability in Zscaler's SAML authentication for the Admin UI. This allows attack...
Aug 31, 2023

CVE-2025-40934 is a critical signature validation bypass vulnerability in XML-Sig Perl module versions 0.27 through 0.67. Attackers can remove signatu...
Nov 26, 2025

This vulnerability in Misskey allows arbitrary users to impersonate any remote user due to missing signature validation in the decentralized social me...
Nov 29, 2023

This vulnerability in Dex's SAML connector allows attackers to bypass XML signature validation through XML encoding issues in the underlying Go librar...
Dec 28, 2020

The ruby-saml library contains an authentication bypass vulnerability due to XML parsing differences between ReXML and Nokogiri, allowing attackers to...
Dec 9, 2025

The ruby-saml library versions up to 1.12.4 are vulnerable to authentication bypass via Signature Wrapping attacks. Attackers can exploit libxml2's ca...
Dec 9, 2025

This vulnerability in gnark's signature verification allows signature malleability, enabling multiple distinct witnesses to satisfy the same public in...
Aug 22, 2025

This vulnerability involves HP Linux Imaging and Printing Software using a weak DSA signing key for code signing, which could allow attackers to forge...
Jul 28, 2025

CVE-2024-54150 is an algorithm confusion vulnerability in cjwt, a C JSON Web Token implementation. Attackers can forge JWT signatures by exploiting im...
Dec 19, 2024

This vulnerability allows attackers to forge JWT tokens due to missing signature verification in DataEase. Attackers can gain unauthorized access to a...
Nov 7, 2024

This vulnerability allows attackers to bypass SAML SSO authentication in GitHub Enterprise Server by exploiting improper cryptographic signature verif...
Oct 10, 2024

This vulnerability in the Elliptic package for Node.js allows attackers to create multiple valid signatures for the same message due to BER-encoded si...
Aug 2, 2024

This vulnerability allows attackers to bypass package name verification in the HwIms module, potentially disrupting services. It affects Huawei device...
Apr 8, 2024

CVE-2023-34205 is a signature validation bypass vulnerability in Moov signedxml library. Attackers can manipulate XML signatures through signature wra...
May 30, 2023

CVE-2020-35169 is an improper input validation vulnerability in Dell BSAFE cryptographic libraries that could allow attackers to execute arbitrary cod...
Jul 11, 2022

This vulnerability allows attackers to bypass SAML SSO authentication in wire-server and impersonate any user with SAML credentials. It affects all wi...
Mar 16, 2022

This vulnerability allows a privileged user to inject malicious code into IBM Power9 Self Boot Engine (SBE), bypassing firmware signature verification...
May 26, 2021

This vulnerability in Portofino web framework allows attackers to forge valid JSON Web Tokens due to improper signature verification. This affects all...
Apr 16, 2021

About CWE-347
Our database tracks 181 CVEs classified as CWE-347, with 54 rated critical and 91 rated high severity. The average CVSS score for CWE-347 vulnerabilities is 7.9.