CWE-347 · Improper Verification of Cryptographic Signature
702 CVEs classified under CWE-347 (Improper Verification of Cryptographic Signature). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-48558 | Critical | 10.0 | 2026-06-12 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC aut… |
| CVE-2025-54419 | Critical | 10.0 | 2025-07-28 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response documen… |
| CVE-2023-25574 | Critical | 10.0 | 2025-02-25 | `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-lt… |
| CVE-2024-45409 | Critical | 10.0 | 2024-09-10 | The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signa… |
| CVE-2024-32962 | Critical | 10.0 | 2024-05-02 | xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the s… |
| CVE-2022-24884 | Critical | 10.0 | 2022-05-06 | ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature value… |
| CVE-2021-33885 | Critical | 10.0 | 2021-08-25 | An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the… |
| CVE-2020-2021 | Critical | 10.0 | 2020-06-29 | When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), impro… |
| CVE-2026-44748 | Critical | 9.9 | 2026-06-09 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modif… |
| CVE-2024-21669 | Critical | 9.9 | 2024-01-11 | Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments… |
| CVE-2022-39366 | Critical | 9.9 | 2022-10-28 | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the sig… |
| CVE-2026-36721 | Critical | 9.8 | 2026-06-09 | A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT… |
| CVE-2026-6911 | Critical | 9.8 | 2026-04-24 | Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the appli… |
| CVE-2026-33746 | Critical | 9.8 | 2026-04-02 | Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify… |
| CVE-2026-31946 | Critical | 9.8 | 2026-03-30 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, Op… |
| CVE-2026-20997 | Critical | 9.8 | 2026-03-16 | Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. |
| CVE-2026-28802 | Critical | 9.8 | 2026-03-06 | Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malic… |
| CVE-2026-23518 | Critical | 9.8 | 2026-01-21 | Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enroll… |
| CVE-2025-15444 | Critical | 9.8 | 2026-01-06 | Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version of libsodium release… |
| CVE-2023-53951 | Critical | 9.8 | 2025-12-19 | Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage th… |