Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-347 (密码学签名的验证不恰当) — Vulnerability Class 357

357 vulnerabilities classified as CWE-347 (密码学签名的验证不恰当). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-28432 HTTP signature verification can be bypassed — misskey 7.5AIHighAI2026-03-09
CVE-2025-41767 Signature bypass on update upload — UBR-01 Mk II 7.2 High2026-03-09
CVE-2026-3706 mkj Dropbear S Range Check curve25519.c unpackneg signature verification — Dropbear 3.7 Low2026-03-08
CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification — authlib 9.1 -2026-03-06
CVE-2026-29000 pac4j-jwt JwtAuthenticator Authentication Bypass — pac4j-jwt 9.1 Critical2026-03-04
CVE-2026-27445 PGP Signature Reflection — Secure Email Gateway 7.5AIHighAI2026-03-04
CVE-2026-2746 Missing PGP Signature Tag — Secure Email Gateway 5.3AIMediumAI2026-03-04
CVE-2025-15598 Dataease SQLBot JWT Token auth.py validateEmbedded signature verification — SQLBot 3.7 Low2026-03-03
CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC — AWS-LC 7.5 High2026-03-02
CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass — keycloak 3.1 Low2026-02-27
CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation — ens-contracts 5.9AIMediumAI2026-02-25
CVE-2026-2968 Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification — Mongoose 3.7 Low2026-02-23
CVE-2025-32060 Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU — Infotainment system ECU 6.7 Medium2026-02-15
CVE-2026-23687 XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform — SAP NetWeaver AS ABAP and ABAP Platform 8.8 High2026-02-10
CVE-2026-1529 Org.keycloak.services.resources.organizations: keycloak: unauthorized organization registration via improper invitation token validation — Red Hat build of Keycloak 26.2 8.1 High2026-02-09
CVE-2026-25793 Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability — nebula 6.2AIMediumAI2026-02-06
CVE-2026-1568 Rapid7 InsightVM Signature Validation Vulnerability — Vulnerability Management 9.6 Critical2026-02-03
CVE-2026-0750 Payment bypass in Commerce Paybox — Drupal Commerce Paybox 9.8AICriticalAI2026-01-28
CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices — signatures 5.3 Medium2026-01-28
CVE-2025-15469 'openssl dgst' one-shot codepath silently truncates inputs >16MB — OpenSSL 9.1AICriticalAI2026-01-27
CVE-2026-24807 Buffer Overflow Vulnerability in liuyueyi/quick-media — quick-media 9.1AICriticalAI2026-01-27
CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity — dcap-qvl 7.5AIHighAI2026-01-26
CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations — go-tuf 5.9 Medium2026-01-22
CVE-2026-23965 sm-crypto Affected by Signature Forgery in SM2-DSA — sm-crypto 7.5 High2026-01-22
CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA — sm-crypto 7.5 High2026-01-22
CVE-2026-23518 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment — fleet 9.4AICriticalAI2026-01-21
CVE-2025-36418 Multiple vulnerabilities found in IBM ApplinX. — ApplinX 7.3 High2026-01-20
CVE-2025-12007 Supermicro BMC firmware update validation bypass — X13SEM-F 6.2 -2026-01-16
CVE-2025-12006 Supermicro BMC firmware update validation bypass — X12STW-F 7.2 High2026-01-16
CVE-2026-22817 JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass — hono 8.2 High2026-01-13

Vulnerabilities classified as CWE-347 (密码学签名的验证不恰当) represent 357 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.