CWE-347 · Improper Verification of Cryptographic Signature

702 CVEs classified under CWE-347 (Improper Verification of Cryptographic Signature). Browse by severity and year.

Top CVEs for CWE-347

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-48558 | Critical | 10.0 | 2026-06-12 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC aut… |
| CVE-2025-54419 | Critical | 10.0 | 2025-07-28 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response documen… |
| CVE-2023-25574 | Critical | 10.0 | 2025-02-25 | `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-lt… |
| CVE-2024-45409 | Critical | 10.0 | 2024-09-10 | The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signa… |
| CVE-2024-32962 | Critical | 10.0 | 2024-05-02 | xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the s… |
| CVE-2022-24884 | Critical | 10.0 | 2022-05-06 | ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature value… |
| CVE-2021-33885 | Critical | 10.0 | 2021-08-25 | An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the… |
| CVE-2020-2021 | Critical | 10.0 | 2020-06-29 | When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), impro… |
| CVE-2026-44748 | Critical | 9.9 | 2026-06-09 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modif… |
| CVE-2024-21669 | Critical | 9.9 | 2024-01-11 | Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments… |
| CVE-2022-39366 | Critical | 9.9 | 2022-10-28 | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the sig… |
| CVE-2026-36721 | Critical | 9.8 | 2026-06-09 | A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT… |
| CVE-2026-6911 | Critical | 9.8 | 2026-04-24 | Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the appli… |
| CVE-2026-33746 | Critical | 9.8 | 2026-04-02 | Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify… |
| CVE-2026-31946 | Critical | 9.8 | 2026-03-30 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, Op… |
| CVE-2026-20997 | Critical | 9.8 | 2026-03-16 | Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. |
| CVE-2026-28802 | Critical | 9.8 | 2026-03-06 | Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malic… |
| CVE-2026-23518 | Critical | 9.8 | 2026-01-21 | Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enroll… |
| CVE-2025-15444 | Critical | 9.8 | 2026-01-06 | Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version of libsodium release… |
| CVE-2023-53951 | Critical | 9.8 | 2025-12-19 | Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage th… |