CWE-347 (Improper Verification of Cryptographic Signature) — Vulnerability Class 357

357 vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22818 | JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback) — hono | 8.2 | High | 2026-01-13 |
| CVE-2025-68925 | Jervis has a JWT Algorithm Confusion Vulnerability — jervis | 9.8 (AI) | Critical (AI) | 2026-01-13 |
| CVE-2026-20965 | Windows Admin Center Elevation of Privilege Vulnerability — Windows Admin Center in Azure Portal | 7.5 | High | 2026-01-13 |
| CVE-2025-68972 | GnuPG data forgery vulnerability — GnuPG | 5.9 | Medium | 2025-12-27 |
| CVE-2023-53951 | Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret — ever gauzy | 9.8 | Critical | 2025-12-19 |
| CVE-2025-64786 | Acrobat Reader \| Improper Verification of Cryptographic Signature (CWE-347) — Acrobat Reader | 3.3 | Low | 2025-12-09 |
| CVE-2025-64787 | Acrobat Reader \| Improper Verification of Cryptographic Signature (CWE-347) — Acrobat Reader | 3.3 | Low | 2025-12-09 |
| CVE-2025-59718 | Fortinet multiple products data forgery vulnerability — FortiSwitchManager | 9.1 | Critical | 2025-12-09 |
| CVE-2025-59719 | Fortinet FortiWeb data forgery vulnerability — FortiWeb | 9.1 | Critical | 2025-12-09 |
| CVE-2025-13662 | Ivanti Endpoint Manager data forgery vulnerability — Endpoint Manager | 7.8 | High | 2025-12-09 |
| CVE-2025-66568 | ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation — ruby-saml | 7.4 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-66567 | ruby-saml has a SAML authentication bypass due to namespace handling (parser differential) — ruby-saml | 9.1 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-65945 | auth0/node-jws improper HMAC signature verification vulnerability — node-jws | 7.5 | High | 2025-12-04 |
| CVE-2025-40934 | XML-Sig prior to 0.68 for Perl improperly validates XML without signatures — XML::Sig | 7.5 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-34324 | GoSign Desktop < 2.4.1 Insecure Update Mechanism RCE — GoSign Desktop | 7.5 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-64740 | Zoom Workplace VDI Client for Windows - Improper Verification of Cryptographic Signature — Zoom Workplace VDI Client | 7.5 | High | 2025-11-13 |
| CVE-2025-64186 | Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves — evervault-go | 8.7 | High | 2025-11-12 |
| CVE-2025-64456 | JetBrains ReSharper data forgery vulnerability — ReSharper | 8.4 | High | 2025-11-10 |
| CVE-2025-54549 | Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO — DANZ Monitoring Fabric | 5.9 | Medium | 2025-10-29 |
| CVE-2025-58356 | Constellation allows insecure use of LUKS2 persistent storage partitions — constellation | 6.5 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-12295 | D-Link DAP-2695 Firmware Update sub_40C6B8 signature verification — DAP-2695 | 6.6 | Medium | 2025-10-27 |
| CVE-2025-34503 | Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution — Deck Mate 1 | 6.8 | - | 2025-10-24 |
| CVE-2025-55039 | Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks — Apache Spark | 5.9 (AI) | Medium (AI) | 2025-10-15 |
| CVE-2025-59288 | Playwright Spoofing Vulnerability — microsoft/playwright | 5.3 | Medium | 2025-10-14 |
| CVE-2025-46774 | Fortinet FortiClient MacOS installer data forgery vulnerability — FortiClientMac | 6.8 | High | 2025-10-14 |
| CVE-2025-9485 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token() — OAuth Single Sign On – SSO (OAuth Client) | 9.8 | Critical | 2025-10-04 |
| CVE-2025-59934 | Formbricks missing JWT signature verification — formbricks | 9.4 | Critical | 2025-09-26 |
| CVE-2025-7937 | Supermicro BMC firmware update validation bypass — MBD-X12STW | 7.2 | High | 2025-09-19 |
| CVE-2025-6198 | Supermicro BMC firmware update validation bypass — X13SEM-F | 7.2 | High | 2025-09-19 |
| CVE-2025-59334 | Linkr allows manifest tampering leading to arbitrary file injection — Linkr | 9.7 | Critical | 2025-09-16 |

Vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature) represent 357 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.