Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-347

CWE-347

Improper Verification of Cryptographic Signature

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

686 vulnerabilities with CWE-347

CVE-2026-34872 CRITICAL

Mbed TLS 3.5.x-3.6.5 - Improper Input Validation

CVE-2026-34240 HIGH

jose vulnerable to untrusted JWK header key acceptance during signature verification

CVE-2026-34377 HIGH

Zebra V5 Transaction Verification - Consensus Split

CVE-2026-34155 MEDIUM

RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB

CVE-2026-32883 MEDIUM

Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass

CVE-2026-31946 CRITICAL

OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow

CVE-2026-33026 CRITICAL

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

CVE-2026-32974 HIGH

OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token

CVE-2026-33895 HIGH

Forge has signature forgery in Ed25519 due to missing S > L check

CVE-2026-33894 HIGH

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

CVE-2026-33487 HIGH

goxmldsig has validateSignature Loop Variable Capture Signature Bypass

CVE-2026-20699 MEDIUM

macOS < 14.8.5, < 15.7.5, < 26.3, < 26.4 - Cryptographic Signature Verification Downgrade

CVE-2026-4600 HIGH

jsrsasign <11.1.1 - Improper Verification of Cryptographic Signature

CVE-2026-4115 LOW

PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification

CVE-2026-4541 LOW

janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification

CVE-2026-4478 HIGH

Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification

CVE-2026-32294 MEDIUM

JetKVM insufficient firmware verification

CVE-2026-3564 CRITICAL

ScreenConnect Instance Level Cryptographic Material Exposure

CVE-2026-4258 HIGH

sjcl - Improper Verification of Cryptographic Signature

CVE-2026-27962 CRITICAL

Authlib JWS JWK Header Injection: Signature Verification Bypass

CVE-2026-3562 HIGH

Philips Hue Bridge - Unauthenticated Authentication Bypass via Ed25519 Signature Verification

CVE-2026-32614 HIGH

Go ShangMi Library <0.41.1 - Infinity-Point Forgery

CVE-2026-21002 MEDIUM

Samsung Galaxy Store <4.6.03.8 - Auth Bypass

CVE-2026-20997 CRITICAL

Samsung Mobile Smart Switch <3.7.69.15 - Auth Bypass

CVE-2026-20989 LOW

Samsung Mobile Devices - Auth Bypass

Previous Page 3 of 28 Next

Details

Vulnerabilities 686

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy