Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-347

CWE-347

Improper Verification of Cryptographic Signature

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

686 vulnerabilities with CWE-347

CVE-2026-42743 MEDIUM

WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

CVE-2026-48558 CRITICAL

SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

CVE-2026-50010 HIGH

Netty's wrapping plain trust manager silently disables hostname verification

CVE-2026-50634 MEDIUM

Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry

CVE-2026-41005 CRITICAL

Cloud Foundry - UAA Accepts SAML Encrypted Assertions Authentication Bypass

CVE-2026-10795 HIGH

UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

CVE-2026-42462 HIGH

Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

CVE-2026-52754 HIGH

Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule

CVE-2026-41694 LOW

Spring Security - SAML Payloads Decrypted Without Valid Signature

CVE-2026-36721 CRITICAL

bookcars 8.3 - Authentication Bypass via Forged JWT Token

CVE-2026-44748 CRITICAL

XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

CVE-2026-45614 MEDIUM

OP-TEE optee_os - OP-TEE Vulnerable to ECDH Private Key Recovery

CVE-2026-6873 LOW

Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie

CVE-2026-47201 HIGH

authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

CVE-2026-48526 HIGH

PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

CVE-2026-48523 MEDIUM

PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

CVE-2026-9793 MEDIUM

Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

CVE-2026-44720 MEDIUM

OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

CVE-2026-45575 HIGH

epa4all-client: Improper Verification of Cryptographic Signature

CVE-2026-39829 HIGH

Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

CVE-2026-44714 HIGH

bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass

CVE-2026-44699 CRITICAL

LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC

CVE-2026-44309 MEDIUM

gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

CVE-2026-42602 HIGH

azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

CVE-2026-0265 HIGH

Palo Alto Networks PAN-OS Unauthenticated Authentication Bypass via Cloud Authentication Service

Page 1 of 28 Next

Details

Vulnerabilities 686

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy