
CWE-347 (Improper Verification of Cryptographic Signature) — Vulnerability Class 357

357 vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6986 | Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification — Mongoose | 3.7 | Low | 2026-04-25 |
| CVE-2026-6966 | Signature Threshold Bypass in awslabs/tough Delegated Roles — tough | 5.3 | Medium | 2026-04-24 |
| CVE-2026-6911 | Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel — AWS Ops Wheel | 9.8 | Critical | 2026-04-24 |
| CVE-2026-34068 | nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge — nimiq-transaction | 6.8 | Medium | 2026-04-22 |
| CVE-2026-40372 | ASP.NET Core Elevation of Privilege Vulnerability — ASP.NET Core 10.0 | 9.1 | Critical | 2026-04-21 |
| CVE-2026-41301 | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass — OpenClaw | 5.3 | Medium | 2026-04-20 |
| CVE-2026-5050 | Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation — Payment Gateway for Redsys & WooCommerce Lite | 7.5 | High | 2026-04-16 |
| CVE-2026-24032 | Siemens SINEC NMS data forgery vulnerability — SINEC NMS | 7.3 | High | 2026-04-14 |
| CVE-2026-0234 | Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration — Cortex XSOAR Microsoft Teams Marketplace | 9.1 | - | 2026-04-13 |
| CVE-2026-5466 | wc_VerifyEccsiHash missing sanity check — wolfSSL | 9.1 | - | 2026-04-10 |
| CVE-2026-40070 | bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths) — bsv-ruby-sdk | 8.1 | High | 2026-04-09 |
| CVE-2026-39413 | LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API — LightRAG | 4.2 | Medium | 2026-04-08 |
| CVE-2026-2625 | Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification — Red Hat Enterprise Linux 10 | 4.0 | Medium | 2026-04-03 |
| CVE-2026-34840 | OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification — oneuptime | 8.1 | High | 2026-04-02 |
| CVE-2026-34240 | jose vulnerable to untrusted JWK header key acceptance during signature verification — jose | 7.5 | High | 2026-03-31 |
| CVE-2026-34377 | Zebra has a Consensus Failure due to Improper Verification of V5 Transactions — zebra | 7.5 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-32883 | Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass — botan | 5.9 | Medium | 2026-03-30 |
| CVE-2026-32974 | OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token — OpenClaw | 8.6 | High | 2026-03-29 |
| CVE-2026-33895 | Forge has signature forgery in Ed25519 due to missing S > L check — forge | 7.5 | High | 2026-03-27 |
| CVE-2026-33894 | Forge has signature forgery in RSA-PKCS due to ASN.1 extra field — forge | 7.5 | High | 2026-03-27 |
| CVE-2026-33487 | goxmldsig has validateSignature Loop Variable Capture Signature Bypass — goxmldsig | 7.5 | High | 2026-03-26 |
| CVE-2026-4600 | jsrsasign security vulnerability — jsrsasign | 7.4 | High | 2026-03-23 |
| CVE-2026-4115 | PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification — PuTTY | 3.7 | Low | 2026-03-22 |
| CVE-2026-4541 | janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification — tinyssh | 2.5 | Low | 2026-03-22 |
| CVE-2026-4478 | Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification — YI Home Camera | 8.1 | High | 2026-03-20 |
| CVE-2026-3564 | ScreenConnect Instance Level Cryptographic Material Exposure — ScreenConnect | 9.0 | Critical | 2026-03-17 |
| CVE-2026-4258 | sjcl security vulnerability — sjcl | 7.5 | High | 2026-03-17 |
| CVE-2026-27962 | Authlib JWS JWK Header Injection: Signature Verification Bypass — authlib | 9.1 | Critical | 2026-03-16 |
| CVE-2026-3562 | Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability — Hue Bridge | 8.8 (AI) | High (AI) | 2026-03-13 |
| CVE-2026-32614 | Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability — gmsm | 7.5 | High | 2026-03-13 |

Vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature) represent 357 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.