ROOT-APP-PYPI-CVE-2026-27932 CVE-2026-27932 in rootio-joserfc - Patched by Root
Root has patched CVE-2026-27932 in the rootio-joserfc package for Root:PyPI. Multiple fixed versions available...
CVE-2026-27932 vulnerabilities
Vulnerabilities for packages: localstack...
joserfc JWE PBES2 1.6.2 Denial of Service
A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...
python311-joserfc-1.6.3-1.1 on GA media (moderate)
python311-joserfc-1.6.3-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10293-1. Rating: moderate. Cross-References: CVE-2026-27932. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2026:20322-1 Security update for python-joserfc
This update for python-joserfc fixes the following issues: Changes in python-joserfc: - CVE-2026-27932: unbounded PBKDF2 iteration count can lead to a denial of service bsc1259154...
Linux Distros Unpatched Vulnerability : CVE-2026-27932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource...
CVE-2026-27932
A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption (JOSE) standards. An unauthenticated attacker can cause a Denial of Service (DoS) by exploiting a resource exhaustion vulnerability. This occurs when the library decrypts a JSON Web Encryption (JWE) token using...
did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.30.4) +9 more potentially affected by CVE-2026-27932 via joserfc (>=0.11.1 <=1.6.1)
joserfc PYPI version =0.11.1, =1.0.0, =1.0.5, =2.5.0, =2.0.0, =3.0.2, =0.1.3, =0.18.1, =0.1.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: OSV:GHSA-W5R5-M38G-F9F9...
did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.30.4) +7 more potentially affected by CVE-2026-27932 via joserfc (>=1.0.0 <=1.6.1)
joserfc PYPI version =1.0.0, =1.0.0, =1.0.5, =2.1.1, =3.0.2, =0.21.2, =0.6.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: SNYK:PYTHON-JOSERFC-15369129...
CVE-2026-27932
creationtimestamp | type | source
---|---|---
2026-02-28 07:48:01+00:00 | published-proof-of-concept | https://github.com/authlib/joserfc/security/advisories/GHSA-w5r5-m38g-f9f9
2026-03-03 23:57:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg6xvkwteq2u
2026-03-04 07:49:47+00:00 | ...
CVE-2021-27932
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions...
CVE-2024-27932
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...
CVE-2020-27932
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplement...
Alibaba Cloud Linux 3 : 0074: webkit2gtk3 (ALINUX3-SA-2024:0074)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0074 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-32919: A vulnerability was found ...
CVE-2025-27932
creationtimestamp | type | source
---|---|---
2025-03-28 08:27:23+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9282
2025-03-28 11:53:29+00:00 | seen | https://t.me/cvedetector/21388
...
CVE-2025-27932
CVE-2025-27932 affects HGW-BL1500HM (Ver 002.002.003 and earlier). The vulnerability is a path traversal flaw in the USB storage file-sharing function that can affect the file deletion process. Root cause is improper limitation of a pathname to a restricted directory (CWE-22). Impact as described...
CVE-2025-27932
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a...
CVE-2024-27932 Deno's improper suffix match testing for DENO_AUTH_TOKENS
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...
CVE-2024-27932
The CVE-2024-27932 issue affects Deno (JavaScript/TypeScript/Wasmtime runtime). The vulnerability arises from an improper check in the import descriptor hostname logic (in the auth_tokens.rs path) where a token hostname is not correctly constrained to its domain, allowing a token intended for exa...
Important: webkit2gtk3 security and bug fix update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution (CVE-2023-32393); webkitgtk: bypass Same Origin Policy (CVE-2023-38572); webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)...