CWE-347 密码学签名的验证不恰当 类弱点 371 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-347 属于完整性校验缺失类漏洞,指软件未正确验证数据的加密签名。攻击者常通过篡改数据并伪造签名,实施中间人攻击或注入恶意载荷,从而绕过身份认证或数据完整性检查。开发者应确保对所有关键数据使用强加密算法进行签名验证,严格校验签名有效性,并在验证失败时拒绝处理,以保障数据真实性和系统安全。
File f = new File(downloadedFilePath); JarFile jf = new JarFile(f);| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2025-64186 | Evervault Go SDK 数据伪造问题漏洞 — evervault-go | 8.7 | High | 2025-11-12 |
| CVE-2025-64456 | JetBrains ReSharper 数据伪造问题漏洞 — ReSharper | 8.4 | High | 2025-11-10 |
| CVE-2025-54549 | Arista DANZ Monitoring Fabric 安全漏洞 — DANZ Monitoring Fabric | 5.9 | Medium | 2025-10-29 |
| CVE-2025-58356 | Always Encrypted Kubernetes 数据伪造问题漏洞 — constellation | 6.5AI | MediumAI | 2025-10-27 |
| CVE-2025-12295 | D-Link DAP-2695 数据伪造问题漏洞 — DAP-2695 | 6.6 | Medium | 2025-10-27 |
| CVE-2025-34503 | Light & Wonder Deck Mate 安全漏洞 — Deck Mate 1 | 6.8 | - | 2025-10-24 |
| CVE-2025-55039 | Apache Spark 安全漏洞 — Apache Spark | 5.9AI | MediumAI | 2025-10-15 |
| CVE-2025-59288 | Microsoft Playwright 数据伪造问题漏洞 — microsoft/playwright | 5.3 | Medium | 2025-10-14 |
| CVE-2025-46774 | Fortinet FortiClient MacOS installer 数据伪造问题漏洞 — FortiClientMac | 6.8 | High | 2025-10-14 |
| CVE-2025-9485 | WordPress plugin OAuth Single Sign On – SSO (OAuth Client) 数据伪造问题漏洞 — OAuth Single Sign On – SSO (OAuth Client) | 9.8 | Critical | 2025-10-04 |
| CVE-2025-59934 | formbricks 数据伪造问题漏洞 — formbricks | 9.4 | Critical | 2025-09-26 |
| CVE-2025-7937 | SuperMicro MBD-X12STW 安全漏洞 — MBD-X12STW | 7.2 | High | 2025-09-19 |
| CVE-2025-6198 | SuperMicro MBD-X13SEM-F 安全漏洞 — X13SEM-F | 7.2 | High | 2025-09-19 |
| CVE-2025-59334 | Linkr 安全漏洞 — Linkr | 9.7 | Critical | 2025-09-16 |
| CVE-2025-20248 | Cisco IOS XR 数据伪造问题漏洞 — Cisco IOS XR Software | 6.0 | Medium | 2025-09-10 |
| CVE-2025-52550 | Copeland E3 Supervisory Control 安全漏洞 — E3 Supervisory Control | 4.9AI | MediumAI | 2025-09-02 |
| CVE-2025-57801 | gnark 数据伪造问题漏洞 — gnark | 7.5AI | HighAI | 2025-08-22 |
| CVE-2025-55229 | Microsoft Windows Certificates 数据伪造问题漏洞 — Windows 10 Version 1507 | 5.3 | Medium | 2025-08-21 |
| CVE-2025-4371 | Lenovo 510 FHD和Lenovo Performance FHD 安全漏洞 — 510 FHD Webcam | 6.8 | Medium | 2025-08-18 |
| CVE-2025-40758 | Siemens Mendix SAML 数据伪造问题漏洞 — Mendix SAML (Mendix 10.12 compatible) | 8.7 | High | 2025-08-14 |
| CVE-2025-54982 | Zscaler Client Connector 安全漏洞 — Authentication Server | 9.6 | Critical | 2025-08-05 |
| CVE-2025-43023 | HP Linux Imaging and Printing Software 安全漏洞 — HP Linux Imaging and Printing Software | 9.1AI | CriticalAI | 2025-07-28 |
| CVE-2025-23364 | Siemens TIA Administrator 数据伪造问题漏洞 — TIA Administrator | 6.2 | Medium | 2025-07-08 |
| CVE-2024-49365 | tiny-secp256k1 安全漏洞 — tiny-secp256k1 | 5.3AI | MediumAI | 2025-07-01 |
| CVE-2024-36347 | AMD Processors 安全漏洞 — AMD EPYC™ 7001 Series | 6.4 | Medium | 2025-06-27 |
| CVE-2025-52556 | rfc3161-client 数据伪造问题漏洞 — rfc3161-client | 7.5AI | HighAI | 2025-06-21 |
| CVE-2025-33069 | Microsoft Windows 数据伪造问题漏洞 — Windows 11 Version 24H2 | 5.1 | Medium | 2025-06-10 |
| CVE-2025-24015 | Deno 数据伪造问题漏洞 — deno | 9.8AI | CriticalAI | 2025-06-03 |
| CVE-2022-31807 | Siemens SiPass integrated AC5102和Siemens SiPass integrated ACC-AP 数据伪造问题漏洞 — Building X - Security Manager Edge Controller (ACC-AP) | 6.2 | Medium | 2025-05-23 |
| CVE-2025-47949 | samlify 数据伪造问题漏洞 — samlify | 8.8AI | HighAI | 2025-05-19 |
CWE-347(密码学签名的验证不恰当) 是常见的弱点类别,本平台收录该类弱点关联的 371 条 CVE 漏洞。