Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-27670

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Mar, 2025 | 00:00
Updated At-05 Mar, 2025 | 20:46
Rejected At-
Credits

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Mar, 2025 | 00:00
Updated At:05 Mar, 2025 | 20:46
Rejected At:
▼CVE Numbering Authority (CNA)

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
N/A
Hyperlink: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347 Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347 Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Mar, 2025 | 06:15
Updated At:01 Apr, 2025 | 20:48

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
printerlogic
printerlogic
>>vasion_print>>Versions before 20.0.1923(exclusive)
cpe:2.3:a:printerlogic:vasion_print:*:*:*:*:*:*:*:*
printerlogic
printerlogic
>>virtual_appliance>>Versions before 22.0.843(exclusive)
cpe:2.3:a:printerlogic:virtual_appliance:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-347Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-347
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htmcve@mitre.org
Vendor Advisory
Hyperlink: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2025-27658
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.77%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-27677
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-27657
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.74%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-27663
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 25.97%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-27642
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-27678
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.74%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-27646
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-27640
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-27648
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-27675
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.00%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-27647
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.66%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-27681
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 25.72%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2025-27667
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.15%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-27672
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-27668
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.15%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-27666
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-27656
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2025-27674
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2025-27641
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-27643
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-27655
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-27665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.83%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can have known malicious code OVE-20230524-0009.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-27652
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-27682
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.62%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-27659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows SQL Injection OVE-20230524-0002.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-27638
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-16 Apr, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2025-27650
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-27671
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-27649
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-27645
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-27662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2025-27651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.47%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014.

Action-Not Available
Vendor-printerlogicn/a
Product-virtual_appliancevasion_printn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-42637
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.47% / 80.08%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 17:14
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.

Action-Not Available
Vendor-printerlogicn/a
Product-web_stackn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-9505
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 82.99%
||
7 Day CHG~0.00%
Published-08 May, 2019 | 14:48
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PrinterLogic Print Management Software does not sanitize special characters

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.

Action-Not Available
Vendor-printerlogicPrinterLogic
Product-print_managementManagement Software
CWE ID-CWE-159
Improper Handling of Invalid Use of Special Elements
CVE-2025-8454
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 4.06%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 05:41
Updated-06 Aug, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Action-Not Available
Vendor-Debian GNU/Linux
Product-devscriptsdevscripts
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2016-20021
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.12%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.

Action-Not Available
Vendor-n/aGentoo Foundation, Inc.
Product-portagen/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-38195
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.63%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 05:07
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.

Action-Not Available
Vendor-parityn/a
Product-libsecp256k1n/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-25099
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.06%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 00:00
Updated-14 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.

Action-Not Available
Vendor-n/adcit
Product-n/aperl-cryptx
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-21917
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.93%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 18:16
Updated-17 Oct, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.  If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_services_platformFactoryTalk® Service Platform
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-28610
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system.

Action-Not Available
Vendor-omicronenergyn/a
Product-stationguardstationscoutn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-37927
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 54.84%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 13:35
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-35169
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-0.18% / 40.43%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:26
Updated-16 Sep, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-20
Improper Input Validation
CVE-2023-5347
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.52%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:54
Updated-03 Jun, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Firmware Upgrade

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Action-Not Available
Vendor-korenixKorenix
Product-jetnet_6728g-24p-ac-2dc-usjetnet_6828gf-ac-usjetnet_4508if-sw_firmwarejetnet_4508i-w_firmwarejetnet_7714g-m12_hvdc_firmwarejetnet_7628x-4f-eu_firmwarejetnet_4508i-wjetnet_6828gf-2dc24_firmwarejetnet_4508jetnet_4508-w_firmwarejetnet_5612g-4f_firmwarejetnet_4508f-mwjetnet_7628x-4f-eujetnet_4508f-mjetnet_7628x-4f-us_firmwarejetnet_6828gf-2dc48jetnet_6828gf-2ac-aujetnet_4508f-swjetnet_6528gf-2dc48jetnet_6728g-24p-ac-2dc-eu_firmwarejetnet_4508if-m_firmwarejetnet_4508f-mw_firmwarejetnet_7310g-v2_firmwarejetnet_6628xp-4f-us_firmwarejetnet_6828gf-ac-us_firmwarejetnet_6528gf-ac-eu_firmwarejetnet_4508-wjetnet_6728g-24p-ac-2dc-eujetnet_6528gf-ac-us_firmwarejetnet_6910g-m12_hvdcjetnet_7628x-4f-usjetnet_5728g-24p-ac-2dc-eujetnet_6528gf-2ac-eujetnet_4508if-mw_firmwarejetnet_6828gf-2ac-usjetnet_5728g-24p-ac-2dc-eu_firmwarejetnet_6528gf-2ac-usjetnet_7628xp-4f-eu_firmwarejetnet_6828gf-ac-dc24-eujetnet_6528gf-ac-eujetnet_6528gf-2ac-eu_firmwarejetnet_7628xp-4f-us_firmwarejetnet_6828gf-2ac-au_firmwarejetnet_6828gf-ac-dc24-usjetnet_5612gp-4fjetnet_4508if-mwjetnet_6828gf-2dc48_firmwarejetnet_5310gjetnet_4508if-swjetnet_5728g-24p-ac-2dc-usjetnet_6828gf-ac-dc24-eu_firmwarejetnet_4508f-sjetnet_5310g_firmwarejetnet_4508if-sjetnet_6828gf-2ac-us_firmwarejetnet_6628x-4f-eu_firmwarejetnet_7628xp-4f-eujetnet_4508f-s_firmwarejetnet_6528gf-2dc24_firmwarejetnet_6828gf-2ac-eu_firmwarejetnet_6828gf-2ac-eujetnet_5728g-24p-ac-2dc-us_firmwarejetnet_7310g-v2jetnet_4508if-s_firmwarejetnet_4508_firmwarejetnet_6628xp-4f-usjetnet_6728g-24p-ac-2dc-us_firmwarejetnet_4508f-sw_firmwarejetnet_6528gf-ac-usjetnet_6528gf-2dc24jetnet_4508f-m_firmwarejetnet_5612g-4fjetnet_6828gf-ac-dc24-us_firmwarejetnet_6528gf-2dc48_firmwarejetnet_5612gp-4f_firmwarejetnet_6828gf-2dc24jetnet_6910g-m12_hvdc_firmwarejetnet_4508if-mjetnet_7714g-m12_hvdcjetnet_6628x-4f-eujetnet_6528gf-2ac-us_firmwarejetnet_5620g-4cjetnet_5620g-4c_firmwarejetnet_7628xp-4f-usJetNet Series
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-3406
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.96%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 19:15
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.

Action-Not Available
Vendor-keylimen/aFedora Project
Product-fedorakeylimekeylime
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-4658
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:33
Updated-22 May, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in OPKSSH

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.

Action-Not Available
Vendor-openpubkeyOPKSSH
Product-opksshopenpubkeyOPKSSH
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-33885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-2.27% / 83.97%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 11:38
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets.

Action-Not Available
Vendor-n/aB. Braun
Product-spacecom2spacestation_8713142uinfusomat_large_volume_pump_871305un/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-32685
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 00:25
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in tenvoy

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`.

Action-Not Available
Vendor-togatechTogaTech
Product-tenvoytEnvoy
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-3757
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:33
Updated-23 May, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in OpenPubKey

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

Action-Not Available
Vendor-openpubkeyOPKSSH
Product-openpubkeyOPKSSH
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-44077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.96%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.

Action-Not Available
Vendor-studionetworksolutionsn/aApple Inc.
Product-macossharebrowsern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-25291
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-13.87% / 94.04%
||
7 Day CHG+4.15%
Published-12 Mar, 2025 | 20:16
Updated-01 Aug, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

Action-Not Available
Vendor-oneloginomniauthSAML-ToolkitsNetApp, Inc.
Product-omniauth_samlruby-samlstoragegridruby-saml
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-436
Interpretation Conflict
Details not found