Weaknesses of type CWE-347
471 resultsCVE-2024-56161HIGHImproper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicEPSS 0.5%CVE-2023-1204MEDIUMAn issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 befoEPSS 0.5%CVE-2022-35930HIGHAbility to bypass attestation verification in sigstore PolicyControllerEPSS 0.5%CVE-2020-12042—Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. AEPSS 0.5%CVE-2023-46234MEDIUMbrowserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attackEPSS 0.5%CVE-2024-48949CRITICALThe verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) ||EPSS 0.5%CVE-2024-13172HIGHImproper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows EPSS 0.5%CVE-2021-20319—An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the iEPSS 0.5%CVE-2023-50714MEDIUMThe Oauth2 PKCE implementation is vulnerableEPSS 0.5%CVE-2020-10759—A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, aEPSS 0.5%CVE-2018-25099CRITICALIn the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.EPSS 0.5%CVE-2026-33117CRITICALAzure SDK for Java Security Feature Bypass VulnerabilityEPSS 0.5%CVE-2022-24759HIGHFailure to validate signature during handshake in @chainsafe/libp2p-noiseEPSS 0.5%CVE-2022-39237MEDIUMDigital Signature Hash Algorithms Not Validated in sylabs/sifEPSS 0.5%CVE-2025-13662HIGHImproper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1EPSS 0.5%CVE-2025-47949CRITICALsamlify SAML Signature Wrapping attackEPSS 0.5%CVE-2023-34435HIGHA firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted networEPSS 0.5%CVE-2024-34358MEDIUMTYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageControllerEPSS 0.5%CVE-2020-12046—Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an atEPSS 0.5%CVE-2023-39969CRITICALuthenticode signature validation bypass vulnerabilityEPSS 0.5%