CWE-347: CWE-347

This vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform allows authenticated attackers with normal privileges to modify signed X...

This vulnerability allows network-adjacent attackers to bypass authentication on Samsung SmartThings Hub devices by exploiting improper cryptographic ...

This vulnerability allows unauthorized internal users to spoof cryptographic signatures in GitHub Enterprise Server, potentially bypassing authenticat...

This vulnerability allows an attacker with local unprivileged access on a Windows system to bypass cryptographic signature verification during printer...

IBM WebSphere Application Server 8.5 and 9.0 has an identity spoofing vulnerability where authenticated users can impersonate other users due to impro...

This vulnerability in Zoom Desktop Client and Zoom Rooms for Windows allows authenticated local users to access sensitive information they shouldn't h...

This vulnerability in Yubico's ykneo-openpgp smart card applet allows attackers to bypass PIN verification and generate signatures without proper auth...

This vulnerability allows attackers to impersonate high-privilege users in Hitachi ID Bravura Security Fabric by injecting malicious data into SAML re...

The evervault-go SDK's attestation verification logic had a vulnerability where incomplete enclave attestation documents could pass validation, potent...

This vulnerability in Mendix SAML modules allows unauthenticated remote attackers to bypass signature validation and binding checks, potentially enabl...

This vulnerability allows authenticated users on Windows systems to escalate privileges by leveraging Zoom client's elevated system permissions to spa...

CVE-2021-22573 is a critical authentication bypass vulnerability in Google's OAuth Java client library where IDToken signature verification is missing...

This vulnerability in Supermicro BMC firmware allows attackers to bypass validation checks and install malicious firmware images on affected systems. ...

This vulnerability in the notation CLI tool allows attackers who have compromised a container registry to trick users into verifying the wrong artifac...

This vulnerability in Hono's JWT middleware allows attackers to forge authentication tokens through algorithm confusion. Applications using Hono's JWT...

This vulnerability in Hono's JWT verification middleware allows algorithm confusion attacks, enabling attackers to forge JWT tokens that could be acce...

CVE-2024-7344 is a vulnerability in Howyar UEFI Application 'Reloader' that allows execution of unsigned software from a hardcoded path, bypassing Sec...

A permission control vulnerability in Huawei's hidebug module allows unauthorized access to sensitive information. This affects Huawei devices and sys...

This vulnerability allows attackers to replace binaries in Zscaler Client Connector on Linux due to improper cryptographic signature verification. It ...

This vulnerability allows attackers to bypass the secure boot process on Texas Instruments OMAP L138 secure variant chips by reusing valid signed modu...

A DLL sideloading vulnerability in McAfee Agent for Windows allows local users to execute arbitrary code with SYSTEM privileges by placing an unsigned...

This vulnerability in Keycloak allows attackers to modify invitation token payloads to self-register into unauthorized organizations. Attackers can ex...

This vulnerability in Nebula overlay networking tool allows attackers to bypass certificate blocklist entries when using P256 certificates (non-defaul...

AWS CDK's IAM OIDC custom resource provider has a TLS certificate validation vulnerability where it accepts unauthorized connections. This allows pote...

This vulnerability in D-Link COVR mesh Wi-Fi systems truncates WPA-PSK passwords, allowing attackers to bypass authentication and gain unauthorized ne...

CVE-2021-3051 is an improper cryptographic signature verification vulnerability in Cortex XSOAR's SAML authentication that allows unauthenticated atta...

This vulnerability allows network-adjacent attackers to bypass authentication and execute arbitrary code with root privileges on CarlinKit CPC200-CCPA...

CVE-2025-13662 is a critical vulnerability in Ivanti Endpoint Manager's patch management component that allows remote unauthenticated attackers to exe...

GoSign Desktop versions 2.4.0 and earlier have an insecure update mechanism that allows attackers to execute arbitrary code. The vulnerability occurs ...

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems by exploiting improper s...

Dell NetWorker Management Console versions 19.11 contain an improper cryptographic signature verification vulnerability. An unauthenticated attacker w...

This vulnerability allows attackers to disable anti-tampering protection in Zscaler Client Connector without proper signature validation. This affects...

This vulnerability in Parallels Desktop Updater allows local attackers to escalate privileges from low-privileged code execution to root-level access ...

This vulnerability allows attackers to manipulate files on Unix systems running Snow Software Inventory Agent by exploiting improper cryptographic sig...

The BIG-IP Edge Client Installer on macOS has a privilege escalation vulnerability during installation due to an incomplete fix for CVE-2023-38418. Th...

The BIG-IP Edge Client Installer on macOS has improper privilege elevation during installation, allowing local attackers to potentially gain elevated ...

CVE-2022-4418 is a local privilege escalation vulnerability in Acronis Cyber Protect Home Office for Windows that allows attackers to load unsigned li...

This vulnerability allows a local malicious user to bypass cryptographic signature verification in Dell update utilities, potentially leading to execu...

CVE-2021-20319 is an improper signature verification vulnerability in coreos-installer that allows specially crafted gzip installation images to bypas...

This vulnerability allows local attackers to escalate privileges on macOS systems by exploiting unrestricted loading of unsigned libraries in Acronis ...

CVE-2020-16156 is a signature verification bypass vulnerability in CPAN (Comprehensive Perl Archive Network) version 2.28. Attackers can craft malicio...

CVE-2020-16154 is a signature verification bypass vulnerability in App::cpanminus (cpanm) for Perl. It allows attackers to install malicious CPAN modu...

This vulnerability allows a local authenticated malicious user to execute arbitrary code on systems running vulnerable versions of Dell Command | Upda...

This vulnerability in the Linux kernel allows loading of unsigned kernel modules even when module signature enforcement is requested via the module.si...

This vulnerability allows attackers to bypass SAML signature validation in Keycloak by crafting malicious SAML responses. Attackers could impersonate ...

This vulnerability allows attackers to bypass cryptographic signature verification in B. Braun medical device firmware updates, enabling them to insta...