Falhas do tipo CWE-347
478 resultadosCVE-2022-41666HIGHA CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load EPSS 0.1%CVE-2026-1237LOWVulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to upEPSS 0.1%CVE-2026-25793HIGHNebula Has Possible Blocklist Bypass via ECDSA Signature MalleabilityEPSS 0.1%CVE-2020-36843MEDIUMThe implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA EPSS 0.1%CVE-2024-40592MEDIUMAn improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, verEPSS 0.1%CVE-2026-41005CRITICALUAA accepts SAML Encrypted Assertions authentication bypassEPSS 0.1%CVE-2026-34240HIGHjose vulnerable to untrusted JWK header key acceptance during signature verificationEPSS 0.1%CVE-2022-25333HIGHFlawed SK_LOAD module authenticity check in Texas Instruments OMAP L138EPSS 0.1%CVE-2023-41744HIGHLocal privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) befEPSS 0.1%CVE-2024-5912MEDIUMCortex XDR Agent: Improper File Signature Verification ChecksEPSS 0.1%CVE-2026-32294HIGHJetKVM insufficient firmware verificationEPSS 0.1%CVE-2022-2790MEDIUMEmerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature,EPSS 0.1%CVE-2025-68925MEDIUMJervis has a JWT Algorithm Confusion VulnerabilityEPSS 0.1%CVE-2026-48523MEDIUMPyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keysEPSS 0.1%CVE-2026-42193CRITICALPlunk: SNS webhook forgeryEPSS 0.1%CVE-2024-23460MEDIUMIncorrect signature validation of packageEPSS 0.1%CVE-2024-47476HIGHDell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthEPSS 0.1%CVE-2025-43521MEDIUMA downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS EPSS 0.1%CVE-2025-64186HIGHEvervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted EnclavesEPSS 0.1%CVE-2026-33467MEDIUMImproper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity BypassEPSS 0.1%