Falhas do tipo CWE-347

471 resultados
CVE-2026-23518CRITICALFleet has a JWT signature bypass vulnerability in Azure AD MDM enrollmentEPSS 0.2%CVE-2025-55039MEDIUMApache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacksEPSS 0.2%CVE-2025-8454CRITICALIt was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scEPSS 0.2%CVE-2021-1453MEDIUMCisco IOS XE Software for the Catalyst 9000 Family Arbitrary Code Execution VulnerabilityEPSS 0.2%CVE-2020-10608In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI SyEPSS 0.2%CVE-2026-42602HIGHazureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replayEPSS 0.2%CVE-2025-40758HIGHA vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) EPSS 0.2%CVE-2025-41767HIGHSignature bypass on update uploadEPSS 0.2%CVE-2023-23940MEDIUMOpenZeppelin Contracts for Cairo is vulnerable to signature validation bypassEPSS 0.2%CVE-2025-41669HIGHInsufficient Verification of Data AuthenticityEPSS 0.2%CVE-2026-2968MEDIUMCesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verificationEPSS 0.2%CVE-2026-6986MEDIUMCesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verificationEPSS 0.2%CVE-2025-59288MEDIUMPlaywright Spoofing VulnerabilityEPSS 0.2%CVE-2024-49365HIGHtiny-secp256k1 allows for verify() bypass when running in bundled environmentEPSS 0.2%CVE-2025-31335MEDIUMThe OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely EPSS 0.2%CVE-2023-50228HIGHParallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation VulnerabilityEPSS 0.2%CVE-2026-32614HIGHGo ShangMi SM9 Infinity-Point Ciphertext Forgery VulnerabilityEPSS 0.2%CVE-2024-23680MEDIUMAWS Encryption SDK for Java Improper Verification of Cryptographic SignatureEPSS 0.2%CVE-2026-20965HIGHWindows Admin Center Elevation of Privilege VulnerabilityEPSS 0.2%CVE-2025-52550HIGHFirmware upgrade packages are unsignedEPSS 0.2%