CWE-347: CWE-347

This vulnerability in Foxit PDF software allows attackers to create malicious PDFs that use JavaScript to modify annotation content and clear modifica...

This vulnerability allows local attackers to execute arbitrary code on macOS systems by exploiting the Zscaler Updater's failure to validate digital s...

This vulnerability in TIA Administrator allows attackers to bypass code signing certificate validation during installations, potentially enabling arbi...

This vulnerability allows authenticated local attackers with root-system privileges to bypass Cisco IOS XR Software image signature verification and l...

This vulnerability in go-tuf allows a compromised or misconfigured TUF repository to set signature verification thresholds to zero, effectively disabl...

This GnuPG vulnerability allows attackers to append unauthorized content to signed messages while still passing signature verification. The attack exp...

This vulnerability in ABB systems allows attackers to send specially crafted firmware or configuration files to system nodes, potentially causing deni...

The OpenSSL 'dgst' command-line tool silently truncates files larger than 16MB when using one-shot signing algorithms (Ed25519, Ed448, ML-DSA variants...

A code-signing downgrade vulnerability in Intel-based Mac computers allows malicious apps to bypass security restrictions and access sensitive user da...

A code-signing downgrade vulnerability in Intel-based Mac computers allows malicious apps to bypass security restrictions and access sensitive user da...

This CVE describes a code-signing downgrade vulnerability in macOS that could allow malicious applications to bypass security restrictions and access ...

A cryptographic signature verification flaw in LibreOffice allows attackers to spoof PDF signatures by making invalid signatures appear valid. This af...

This vulnerability in sigstore-java allows attackers to present a validly-signed but mismatched bundle that appears to be logged in a transparency log...

CVE-2024-37886 is a signature verification bypass vulnerability in Nextcloud's user_oidc app that allows attackers to potentially forge OpenID Connect...

This vulnerability in the ML-DSA Rust crate allows attackers to forge digital signatures by exploiting a validation flaw where duplicate hint indices ...

Jervis versions before 2.2 fail to validate JWT algorithm headers, allowing attackers to forge tokens using weaker algorithms like 'none' or HMAC. Thi...

Foxit PDF Editor and Reader versions before 2025.2.1 contain a signature spoofing vulnerability where attackers can embed triggers (like JavaScript) i...

This vulnerability allows attackers to spoof digital certificates in Windows systems by exploiting improper cryptographic signature verification. Atta...

This vulnerability in Deno runtime versions 1.46.0 through 2.1.6 fails to validate AES-GCM authentication tags, allowing tampered ciphertexts to go un...

This vulnerability in mutt and neomutt email clients allows attackers to reuse signed but unencrypted email messages by manipulating the In-Reply-To h...

This vulnerability in filestash v0.4 disables SSH host key verification, allowing man-in-the-middle attackers to intercept and potentially steal sensi...

This vulnerability in litestream v0.3.13 disables SSH host key verification, allowing man-in-the-middle attackers to intercept and potentially modify ...

This vulnerability in the FreeFrom nostr client allows attackers to inject malicious event data with invalid cryptographic signatures that the app can...

This vulnerability in NetApp StorageGRID allows attackers to potentially intercept and decrypt SSH communications through man-in-the-middle attacks. I...

This Windows vulnerability allows attackers to bypass digital signature validation, enabling them to load malicious files that appear legitimate. It a...

This vulnerability allows attackers to bypass Secure Boot protection in IGEL OS by exploiting improper cryptographic signature verification in the ige...

This vulnerability in Poppler's PDF processing library allows attackers to forge digital signatures on PDF documents by bypassing signature verificati...

A code-signing downgrade vulnerability in Intel-based Mac computers allows malicious apps to bypass security restrictions and access sensitive user da...

Acrobat Reader has an improper cryptographic signature verification vulnerability that allows attackers to bypass security features and gain limited u...

This CVE describes an Improper Verification of Cryptographic Signature vulnerability in Adobe Acrobat Reader that allows attackers to bypass cryptogra...

This vulnerability allows attackers to bypass authentication in Drupal Commerce Paybox payment processing module by exploiting improper cryptographic ...

This vulnerability allows attackers to bypass cryptographic signature verification in the quick-media library's SVG processing module. Attackers could...