CWE-347: Improper Verification of Cryptographic Signature — known CVE vulnerabilities
CVEs classified under CWE-347 (Improper Verification of Cryptographic Signature), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2023-25574 — CVSS 10.0 (critical): `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was…
CVE-2024-45409 — CVSS 10.0 (critical): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not…
CVE-2024-32962 — CVSS 10.0 (critical): xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check…
CVE-2022-24884 — CVSS 10.0 (critical): ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether…
CVE-2021-33885 — CVSS 10.0 (critical): An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated…
CVE-2026-44748 — CVSS 9.9 (critical): SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed…
CVE-2024-21669 — CVSS 9.9 (critical): Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in…
CVE-2022-39366 — CVSS 9.9 (critical): DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS)…
CVE-2026-36721 — CVSS 9.8 (critical): A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass…
CVE-2026-6911 — CVSS 9.8 (critical): Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative…
CVE-2026-20997 — CVSS 9.8 (critical): Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass…
CVE-2026-28802 — CVSS 9.8 (critical): Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests…
CVE-2026-23518 — CVSS 9.8 (critical): Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in…
CVE-2025-15444 — CVSS 9.8 (critical): Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version…
CVE-2023-53951 — CVSS 9.8 (critical): Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation…
CVE-2025-59719 — CVSS 9.8 (critical): An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0…
CVE-2025-9485 — CVSS 9.8 (critical): The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in…
CVE-2025-8454 — CVSS 9.8 (critical): It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of…
CVE-2025-4658 — CVSS 9.8 (critical): Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature…
CVE-2025-3757 — CVSS 9.8 (critical): Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature…
CVE-2025-25292 — CVSS 9.8 (critical): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was…
CVE-2025-25291 — CVSS 9.8 (critical): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was…
CVE-2024-47943 — CVSS 9.8 (critical): The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch…
CVE-2024-47832 — CVSS 9.8 (critical): ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker…
CVE-2024-6800 — CVSS 9.8 (critical): An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific…
CVE-2018-25099 — CVSS 9.8 (critical): In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.
CVE-2024-21917 — CVSS 9.8 (critical): A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and…
CVE-2023-44077 — CVSS 9.8 (critical): Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.
CVE-2016-20021 — CVSS 9.8 (critical): In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file…
CVE-2023-5347 — CVSS 9.8 (critical): An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole…
CVE-2023-28610 — CVSS 9.8 (critical): The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update…
CVE-2023-25718 — CVSS 9.8 (critical): In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions…
CVE-2022-23334 — CVSS 9.8 (critical): The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing…
CVE-2022-31207 — CVSS 9.8 (critical): The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They…
CVE-2022-31206 — CVSS 9.8 (critical): The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic…
CVE-2022-31053 — CVSS 9.8 (critical): Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a…
CVE-2021-43572 — CVSS 9.8 (critical): The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the…
CVE-2021-43571 — CVSS 9.8 (critical): The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows…
CVE-2021-43570 — CVSS 9.8 (critical): The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows…
CVE-2021-43569 — CVSS 9.8 (critical): The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows…
CVE-2021-43568 — CVSS 9.8 (critical): The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows…
CVE-2021-38195 — CVSS 9.8 (critical): An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S…
CVE-2021-37160 — CVSS 9.8 (critical): A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of…