Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-7FPJ-9HR8-28VH

Vulnerability from github – Published: 2024-04-17 18:25 – Updated: 2024-11-18 17:28
VLAI
Summary
Keycloak vulnerable to impersonation via logout token exchange
Details

Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "22.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "23.0.0"
            },
            {
              "fixed": "24.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-0657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273",
      "CWE-284",
      "CWE-287",
      "CWE-290",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-17T18:25:59Z",
    "nvd_published_at": "2024-11-17T11:15:05Z",
    "severity": "LOW"
  },
  "details": "Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.\n\n",
  "id": "GHSA-7fpj-9hr8-28vh",
  "modified": "2024-11-18T17:28:39Z",
  "published": "2024-04-17T18:25:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1867"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1868"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0657"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak vulnerable to impersonation via logout token exchange"
}

GHSA-7G2H-2MGX-VHPC

Vulnerability from github – Published: 2024-12-03 12:31 – Updated: 2024-12-03 12:31
VLAI
Details

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-03T10:15:05Z",
    "severity": "HIGH"
  },
  "details": "Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.",
  "id": "GHSA-7g2h-2mgx-vhpc",
  "modified": "2024-12-03T12:31:11Z",
  "published": "2024-12-03T12:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47476"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000255884/dsa-2024-477-security-update-for-dell-networker-runtime-environment-nre-multiple-component-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G3P-MPGP-Q5C5

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-03-24 18:30
VLAI
Details

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-15T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.",
  "id": "GHSA-7g3p-mpgp-q5c5",
  "modified": "2023-03-24T18:30:22Z",
  "published": "2022-05-24T16:45:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1809"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108375"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G5X-9C4V-4W5R

Vulnerability from github – Published: 2026-02-27 09:30 – Updated: 2026-02-28 02:44
VLAI
Summary
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
Details

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-12150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-28T02:44:46Z",
    "nvd_published_at": "2026-02-27T09:16:15Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in Keycloak\u2019s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.",
  "id": "GHSA-7g5x-9c4v-4w5r",
  "modified": "2026-02-28T02:44:46Z",
  "published": "2026-02-27T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/35110"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/43723"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21370"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21371"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:22088"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:22089"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-12150"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass"
}

GHSA-7GH2-8Q93-87HP

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2023-10-05 19:26
VLAI
Summary
Wizkunde SAMLBase SAML Bypass
Details

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "gogentooss/samlbase"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-5387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T19:21:30Z",
    "nvd_published_at": "2018-07-24T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
  "id": "GHSA-7gh2-8q93-87hp",
  "modified": "2023-10-05T19:26:56Z",
  "published": "2022-05-13T01:02:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5387"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GoGentoOSS/SAMLBase/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GoGentoOSS/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3"
    },
    {
      "type": "WEB",
      "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/GoGentoOSS/SAMLBase"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/475445"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": " Wizkunde SAMLBase SAML Bypass"
}

GHSA-7JJM-882P-F82J

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.

The specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-21817.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-50228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:16:11Z",
    "severity": "HIGH"
  },
  "details": "Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-21817.",
  "id": "GHSA-7jjm-882p-f82j",
  "modified": "2024-05-03T03:31:06Z",
  "published": "2024-05-03T03:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50228"
    },
    {
      "type": "WEB",
      "url": "https://kb.parallels.com/en/125013"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1803"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7JQ6-7F95-HV67

Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
VLAI
Details

Windows Cryptographic Services Security Feature Bypass Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T17:15:42Z",
    "severity": "HIGH"
  },
  "details": "Windows Cryptographic Services Security Feature Bypass Vulnerability",
  "id": "GHSA-7jq6-7f95-hv67",
  "modified": "2024-04-09T18:30:25Z",
  "published": "2024-04-09T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26228"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7MVR-C777-76HP

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-24 20:05
VLAI
Summary
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
Details

Summary

Use of curl with the -k (or --insecure) flag in installer scripts allows attackers to deliver arbitrary executables via Man-in-the-Middle (MitM) attacks. This can lead to full system compromise, as the downloaded files are installed as privileged applications.

Details

The following scripts in the microsoft/playwright repository at commit bee11cbc28f24bd18e726163d0b9b1571b4f26a8 use curl -k to fetch and install executable packages without verifying the authenticity of the SSL certificate:

In each case, the shell scripts download a browser installer package using curl -k and immediately install it:

curl --retry 3 -o ./<pkg-file> -k <url>
sudo installer -pkg /tmp/<pkg-file> -target /

Disabling SSL verification (-k) means the download can be intercepted and replaced with malicious content.

PoC

A high-level exploitation scenario:

  1. An attacker performs a MitM attack on a network where the victim runs one of these scripts.
  2. The attacker intercepts the HTTPS request and serves a malicious package (for example, a trojaned browser installer).
  3. Because curl -k is used, the script downloads and installs the attacker's payload without any certificate validation.
  4. The attacker's code is executed with system privileges, leading to full compromise.

No special configuration is needed: simply running these scripts on any untrusted or hostile network is enough.

Impact

This is a critical Remote Code Execution (RCE) vulnerability due to improper SSL certificate validation (CWE-295: Improper Certificate Validation). Any user or automation running these scripts is at risk of arbitrary code execution as root/admin, system compromise, data theft, or persistent malware installation. The risk is especially severe because browser packages are installed with elevated privileges and the scripts may be used in CI/CD or developer environments.

Fix

  • https://github.com/microsoft/playwright/commit/72c62d840247d9defd87c6beb0344d456794b570
  • https://github.com/microsoft/playwright/pull/37532
  • https://github.com/microsoft/playwright/releases/tag/v1.56.0

Credit

  • This vulnerability was uncovered by tooling by Socket
  • This vulnerability was confirmed by @evilpacket
  • This vulnerability was reported by @JLLeitschuh at Socket

Disclosure

  • September 10th, 2025 - Disclosed to Microsoft privately via https://github.com/microsoft/playwright/security/advisories/GHSA-gx27-2j22-qcx8
  • September 11th, 2025 - Reported to Microsoft via MSRC Researcher Portal - https://msrc.microsoft.com/report/vulnerability/VULN-162854
  • September 11th, 2025 - Microsoft closed report as "Complete - N/A"
  • September 18th, 2025 - Following a LinkedIn Post
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "playwright"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.55.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-20T14:19:32Z",
    "nvd_published_at": "2025-10-14T17:16:11Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nUse of `curl` with the `-k` (or `--insecure`) flag in installer scripts allows attackers to deliver arbitrary executables via Man-in-the-Middle (MitM) attacks. This can lead to full system compromise, as the downloaded files are installed as privileged applications.\n\n### Details\nThe following scripts in the `microsoft/playwright` repository at commit [`bee11cbc28f24bd18e726163d0b9b1571b4f26a8`](https://github.com/microsoft/playwright/commit/bee11cbc28f24bd18e726163d0b9b1571b4f26a8) use `curl -k` to fetch and install executable packages without verifying the authenticity of the SSL certificate:\n\n\n- [`packages/playwright-core/bin/reinstall_chrome_beta_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_chrome_beta_mac.sh)\n- [`packages/playwright-core/bin/reinstall_chrome_stable_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_chrome_stable_mac.sh)\n- [`packages/playwright-core/bin/reinstall_msedge_dev_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_msedge_dev_mac.sh)\n- [`packages/playwright-core/bin/reinstall_msedge_beta_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_msedge_beta_mac.sh)\n- [`packages/playwright-core/bin/reinstall_msedge_stable_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_msedge_stable_mac.sh)\n\nIn each case, the shell scripts download a browser installer package using `curl -k` and immediately install it:\n\n```shell\ncurl --retry 3 -o ./\u003cpkg-file\u003e -k \u003curl\u003e\nsudo installer -pkg /tmp/\u003cpkg-file\u003e -target /\n```\n\nDisabling SSL verification (`-k`) means the download can be intercepted and replaced with malicious content.\n\n### PoC\nA high-level exploitation scenario:\n\n1. An attacker performs a MitM attack on a network where the victim runs one of these scripts.\n2. The attacker intercepts the HTTPS request and serves a malicious package (for example, a trojaned browser installer).\n3. Because `curl -k` is used, the script downloads and installs the attacker\u0027s payload without any certificate validation.\n4. The attacker\u0027s code is executed with system privileges, leading to full compromise.\n\nNo special configuration is needed: simply running these scripts on any untrusted or hostile network is enough.\n\n### Impact\nThis is a critical Remote Code Execution (RCE) vulnerability due to improper SSL certificate validation (CWE-295: Improper Certificate Validation). Any user or automation running these scripts is at risk of arbitrary code execution as root/admin, system compromise, data theft, or persistent malware installation. The risk is especially severe because browser packages are installed with elevated privileges and the scripts may be used in CI/CD or developer environments.\n\n### Fix\n\n - https://github.com/microsoft/playwright/commit/72c62d840247d9defd87c6beb0344d456794b570\n - https://github.com/microsoft/playwright/pull/37532\n - https://github.com/microsoft/playwright/releases/tag/v1.56.0\n\n### Credit\n\n- This vulnerability was uncovered by tooling by [Socket](https://socket.dev/)\n- This vulnerability was confirmed by @evilpacket\n- This vulnerability was reported by @JLLeitschuh at Socket\n\n### Disclosure\n - September 10th, 2025 - Disclosed to Microsoft privately via https://github.com/microsoft/playwright/security/advisories/GHSA-gx27-2j22-qcx8\n - September 11th, 2025 - Reported to Microsoft via MSRC Researcher Portal - https://msrc.microsoft.com/report/vulnerability/VULN-162854\n - September 11th, 2025 - Microsoft closed report as \"Complete - N/A\"\n - September 18th, 2025 - Following a [LinkedIn Post](https://www.linkedin.com/posts/jonathan-leitschuh_its-a-sad-state-of-the-world-when-i-acknowledge-activity-7374601182117511168--wnI?utm_source=social_share_send\u0026utm_medium=member_desktop_web\u0026rcm=ACoAAA0SLMUBScBUspIv0-LQ1ecAwsqt5l81eG4)",
  "id": "GHSA-7mvr-c777-76hp",
  "modified": "2025-10-24T20:05:47Z",
  "published": "2025-10-14T18:30:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SocketDev/security-research/security/advisories/GHSA-qxm8-4v54-964r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59288"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/playwright/pull/37532"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/playwright/commit/72c62d840247d9defd87c6beb0344d456794b570"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/microsoft/playwright"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/playwright/releases/tag/v1.55.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/playwright/releases/tag/v1.56.0"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59288"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate"
}

GHSA-7QHR-G3XW-3692

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI
Details

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41830"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-11T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.",
  "id": "GHSA-7qhr-g3xw-3692",
  "modified": "2022-05-24T19:17:14Z",
  "published": "2022-05-24T19:17:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41830"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r97d287c88881aa581f1b18cb01e2cbedc4e6eae85958491acb89b12e%40%3Cusers.openoffice.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raaab8a3b91f8d7b7ba14f873b8d0fd13952c823acc3385b7a374e754@%3Cannounce.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7R96-8G3X-G36M

Vulnerability from github – Published: 2021-06-28 17:16 – Updated: 2026-01-23 22:42
VLAI
Summary
Improper Verification of Cryptographic Signature
Details

Impact

The verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid.

Patches

Upgrade to v7.0.3 immediately to resolve this issue. Since the vulnerability lies within the verification method, the previous signatures are still valid. We highly recommend reverifying any signatures that were previously verified with the vulnerable verifyWithMessage method.

Workarounds

In tenvoy.js under the verifyWithMessage method definition within the tEnvoyNaClSigningKey class, ensure that the return statement call to this.verify ends in .verified. For example, the return statement should start with return this.verify(signed, password).verified && instead of return this.verify(signed, password) &&.

For more information

If you have any questions or comments about this advisory: * Open an issue in github.com/TogaTech/tEnvoy

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "tenvoy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-16T20:14:25Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\nThe `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid.\n\n### Patches\nUpgrade to `v7.0.3` immediately to resolve this issue. Since the vulnerability lies within the verification method, the previous signatures are still valid. We highly recommend reverifying any signatures that were previously verified with the vulnerable `verifyWithMessage` method.\n\n### Workarounds\nIn `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`. For example, the return statement should start with `return this.verify(signed, password).verified \u0026\u0026 ` instead of `return this.verify(signed, password) \u0026\u0026 `.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [github.com/TogaTech/tEnvoy](https://github.com/TogaTech/tEnvoy)",
  "id": "GHSA-7r96-8g3x-g36m",
  "modified": "2026-01-23T22:42:09Z",
  "published": "2021-06-28T17:16:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TogaTech/tEnvoy/security/advisories/GHSA-7r96-8g3x-g36m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32685"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TogaTech/tEnvoy/commit/a121b34a45e289d775c62e58841522891dee686b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TogaTech/tEnvoy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TogaTech/tEnvoy/releases/tag/v7.0.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Verification of Cryptographic Signature"
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.