Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-347

CWE-347

Improper Verification of Cryptographic Signature

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

651 vulnerabilities with CWE-347

CVE-2026-33467 MEDIUM

Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass

CVE-2026-38651 HIGH

Netmaker <1.5.0 - Auth Bypass

CVE-2026-6986 LOW

Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification

CVE-2026-6966 MEDIUM

Signature Threshold Bypass in awslabs/tough Delegated Roles

CVE-2026-6911 CRITICAL

Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel

CVE-2026-34068 MEDIUM

nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge

CVE-2026-40372 CRITICAL

ASP.NET Core Elevation of Privilege Vulnerability

CVE-2026-41301 MEDIUM

OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass

CVE-2026-5050 HIGH

Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation

CVE-2026-6328 HIGH

XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets

CVE-2026-24032 HIGH

Siemens SINEC NMS <V4.0 SP3 - Auth Bypass

CVE-2026-0234 HIGH

Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

CVE-2026-5466 HIGH

wc_VerifyEccsiHash missing sanity check

CVE-2026-40070 HIGH

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

CVE-2026-39413 MEDIUM

LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API

CVE-2026-2625 MEDIUM

Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification

CVE-2026-34840 HIGH

OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification

CVE-2026-33746 CRITICAL

Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users

CVE-2026-34872 CRITICAL

Mbed TLS 3.5.x-3.6.5 - Improper Input Validation

CVE-2026-34240 HIGH

jose vulnerable to untrusted JWK header key acceptance during signature verification

CVE-2026-34377 HIGH

Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

CVE-2026-34155 MEDIUM

RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB

CVE-2026-32883 MEDIUM

Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass

CVE-2026-31946 CRITICAL

OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow

CVE-2026-33026 CRITICAL

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Page 1 of 27 Next

Details

Vulnerabilities 651

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy