32 matches found

RedhatCVE
added 2026/06/15 2:36 p.m. | 7 views

CVE-2026-50627

A flaw was found in Apache CXF. The JwtAccessTokenValidator class fails to properly validate the 'aud' (Audience) claims within incoming JSON Web Token (JWT) access tokens. This vulnerability allows an attacker to reuse a JWT, originally intended for one resource server, against a different resource...

CVSS 9.1 | AI score 4.8 | EPSS 0.00418
Exploits 0 | References 5
NVD
added 2026/06/12 10:16 a.m. | 11 views

CVE-2026-50627

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

CVSS 9.1 | EPSS 0.00418
Exploits 0 | References 5
EUVD
added 2026/06/12 8:55 a.m. | 8 views

EUVD-2026-36395

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

AI score 5.1 | EPSS 0.00418
Exploits 0 | References 1
Snyk
added 2026/05/20 3:35 p.m. | 9 views

Improper Verification of Cryptographic Signature

Overview: symfony/security-http provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials. Affected versions of this package are vulnerable to...

CVSS 9.3 | AI score 5.8 | EPSS 0.0005
Exploits 0 | References 2
Snyk
added 2026/05/14 9:25 p.m. | 5 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

CVSS 8.2 | AI score 5.5 | EPSS 0.00381
Exploits 0 | References 2
Github Security Blog
added 2026/05/14 1:13 p.m. | 18 views

Fleet Windows MDM Azure AD JWT Authentication Bypass

Summary: A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud (audience) or iss (issuer) claims, any Microsoft-signed...

CVSS 8.2 | AI score 5.8 | EPSS 0.00381
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/04/09 4:41 p.m. | 4 views

EUVD-2026-20899

fast-jwt has a ReDoS when using RegExp in allowed* options, leading to CPU exhaustion during token verification...

CVSS 4.2 | AI score 5.9 | EPSS 0.00262
Exploits 1 | References 4
Vulnrichment
added 2026/04/09 2:55 p.m. | 1 view

CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification

fast-jwt provides a fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

CVSS 4.2 | AI score 5.9 | EPSS 0.00262
Exploits 1 | References 4
Positive Technologies
added 2026/04/09 12:00 a.m. | 5 views

PT-2026-31622

fast-jwt provides a fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

CVSS 4.2 | AI score 5.9 | EPSS 0.00262
Exploits 1 | References 5
Vulnrichment
added 2026/03/12 9:19 p.m. | 1 view

CVE-2026-32301 Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. tenant). An unauthenticated attacker can craft a JWT with a malicious iss or...

CVSS 9.3 | AI score 5.8 | EPSS 0.00258
Exploits 1 | References 1
Positive Technologies
added 2026/03/12 12:00 a.m. | 8 views

PT-2026-25082

Name of the Vulnerable Software and Affected Versions: Centrifugo versions prior to 6.7.0. Description: Centrifugo is susceptible to a Server-Side Request Forgery (SSRF) condition when configured with a dynamic JWKS endpoint URL that utilizes template variables, such as tenant. An unauthenticated...

CVSS 9.3 | AI score 6 | EPSS 0.00258
Exploits 1 | References 14
NVD
added 2026/03/07 5:15 p.m. | 7 views

CVE-2026-30863

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...

CVSS 9.8 | EPSS 0.00525
Exploits 0 | References 1
Snyk
added 2026/03/05 8:52 p.m. | 6 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation in the authentication process when JWT tokens are parsed without enforcing the audience claim in certain configurations. An attacker can gain unauthorized access by presenting a validly signed JWT token with an...

CVSS 8.8 | AI score 5.8 | EPSS 0.00301
Exploits 1 | References 2
GithubExploit
added 2025/11/25 10:10 a.m. | 185 views

Exploit for CVE-2025-9803

Lab: CVE-2025-9803 - Improper Authentication in lunary-ai/luna...

CVSS 9.3 | AI score 6.7 | EPSS 0.00417
Exploits 2
NVD
added 2025/10/22 8:15 p.m. | 7 views

CVE-2025-62610

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono's JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...

CVSS 8.1 | EPSS 0.0035
Exploits 1 | References 2
CVE
added 2025/10/22 7:24 p.m. | 20 views

CVE-2025-62610

Hono's JWT Auth Middleware (versions 1.1.0 up to before 4.10.2) did not validate the aud (Audience) claim, potentially allowing tokens intended for other audiences to access a service. The issue is documented across multiple sources and is resolved by upgrading to version 4.10.2 or later. Affecte...

CVSS 8.1 | AI score 6.3 | EPSS 0.0035
Exploits 1 | References 2 | Affected Software 1
OSV
added 2024/10/02 6:31 p.m. | 11 views

GHSA-49HX-9MM2-7675 Jenkins OpenId Connect Authentication Plugin lacks audience claim validation

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud (Audience) claim of an ID Token during its authentication flow, a value to verify the token is issued for the correct client. This vulnerability may allow attackers to subvert the authentication flow...

CVSS 9.2 | AI score 8.2 | EPSS 0.00636
Exploits 0 | References 2
NVD
added 2024/10/02 4:15 p.m. | 23 views

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

CVSS 8.1 | EPSS 0.00636
Exploits 0 | References 1
Vulnrichment
added 2024/10/02 3:35 p.m. | 12 views

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

AI score 7.3 | EPSS 0.00636
Exploits 0 | References 1
Github Security Blog
added 2024/06/12 9:31 p.m. | 60 views

HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...

CVSS 7.5 | AI score 7.1 | EPSS 0.00343
Exploits 0 | References 4 | Affected Software 1