Total
632 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20178 | 1 Cisco | 1 Secure Network Analytics | 2026-02-26 | 6 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root. | ||||
| CVE-2025-47827 | 2 Igel, Microsoft | 16 Igel Os, Windows 10 1507, Windows 10 1607 and 13 more | 2026-02-26 | 4.6 Medium |
| In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | ||||
| CVE-2024-36347 | 2026-02-26 | 6.4 Medium | ||
| Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. | ||||
| CVE-2025-54982 | 1 Zscaler | 1 Authentication Server | 2026-02-26 | 9.6 Critical |
| An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. | ||||
| CVE-2025-20248 | 1 Cisco | 1 Ios Xr Software | 2026-02-26 | 6 Medium |
| A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process. | ||||
| CVE-2025-6198 | 1 Supermicro | 1 Mbd-x13sem-f | 2026-02-26 | 7.2 High |
| There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image. | ||||
| CVE-2025-7937 | 1 Supermicro | 1 Mbd-x12stw | 2026-02-26 | 7.2 High |
| There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image. | ||||
| CVE-2025-46774 | 2 Apple, Fortinet | 3 Macos, Forticlient, Forticlientmac | 2026-02-26 | 6.8 Medium |
| An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables. | ||||
| CVE-2025-64456 | 1 Jetbrains | 1 Resharper | 2026-02-26 | 8.4 High |
| In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation | ||||
| CVE-2025-40778 | 1 Isc | 1 Bind 9 | 2026-02-26 | 8.6 High |
| Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. | ||||
| CVE-2025-64740 | 2 Microsoft, Zoom | 6 Windows, Workplace, Workplace App and 3 more | 2026-02-26 | 7.5 High |
| Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-13662 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.8 High |
| Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required. | ||||
| CVE-2025-59719 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 9.1 Critical |
| An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | ||||
| CVE-2025-59718 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2026-02-26 | 9.1 Critical |
| A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | ||||
| CVE-2026-20965 | 1 Microsoft | 2 Azure Portal Windows Admin Center, Windows Admin Center | 2026-02-26 | 7.5 High |
| Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-1568 | 1 Rapid7 | 1 Insightvm | 2026-02-26 | 9.6 Critical |
| Rapid7 InsightVM versions beforeĀ 8.34.0 contain a signature verification issue on theĀ Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts setup via "Security Console" installations, resulting in full account takeover. The issue occurs due to the application processing these unsigned assertions and issuing session cookies that granted access to the targeted user accounts. This has been fixed in version 8.34.0 of InsightVM. | ||||
| CVE-2026-23687 | 2 Sap, Sap Se | 2 Sap Basis, Sap Netweaver And Abap Platform | 2026-02-26 | 8.8 High |
| SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage. | ||||
| CVE-2025-12006 | 1 Supermicro | 1 Mbd-x12stw | 2026-02-26 | 7.2 High |
| There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image. | ||||
| CVE-2024-2307 | 1 Redhat | 1 Enterprise Linux | 2026-02-25 | 6.1 Medium |
| A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. | ||||
| CVE-2020-1464 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2026-02-23 | 7.8 High |
| A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. | ||||