CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/08/30 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2021-28374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowin...

7.5CVSS7.2AI score0.00286EPSS

Exploits0References2

Tenable Nessus•added 2025/06/16 12:0 a.m.•4 views

TencentOS Server 4: python-authlib (TSSA-2024:1134)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1134 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7AI score0.00925EPSS

Exploits2References2

RedhatCVE•added 2025/05/22 9:35 p.m.•7 views

CVE-2021-43777

Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...

6.8CVSS7AI score0.00102EPSS

Exploits0

Tenable Nessus•added 2025/03/05 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2024-37568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is...

7.5CVSS7.1AI score0.00145EPSS

Positive Technologies•added 2025/01/01 12:0 a.m.•2 views

PT-2025-54492

Name of the Vulnerable Software and Affected Versions Authlib versions 1.6.5 and prior Description Authlib is a Python library used for building OAuth and OpenID Connect servers. A flaw exists in cache-backed state/request-token storage where it is not linked to the user session. This allows for...

8.8CVSS6.6AI score0.00424EPSS

Exploits5References27

IBM Security Bulletins•added 2024/08/02 7:51 a.m.•32 views

Security Bulletin: authlib-cve202437568-sec-bypass

Summary Authlib security bypass Vulnerability Details CVEID:CVE-2024-37568 DESCRIPTION: Authlib could allow a remote attacker to bypass security restrictions, caused by an algorithm confusion with asymmetric public keys. By sending a specially crafted request, an attacker could exploit this...

7.5CVSS7.4AI score0.00145EPSS

Exploits1Affected Software1

OpenVAS•added 2024/06/26 12:0 a.m.•28 views

Mageia: Security Advisory (MGASA-2024-0238)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.00145EPSS

Mageia•added 2024/06/25 4:12 p.m.•44 views

Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS7.2AI score0.00145EPSS

OpenVAS•added 2024/06/21 12:0 a.m.•23 views

Fedora: Security Advisory (FEDORA-2024-2e9c58d661)

7.5CVSS7.6AI score0.00145EPSS

Tenable Nessus•added 2024/06/20 12:0 a.m.•20 views

Fedora 39 : python-authlib (2024-2e9c58d661)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2e9c58d661 advisory. Update to v1.3.1 CVE-2024-37568 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.5CVSS7.4AI score0.00145EPSS

OpenVAS•added 2024/06/19 12:0 a.m.•24 views

Fedora: Security Advisory (FEDORA-2024-7cc9a030d9)

Tenable Nessus•added 2024/06/19 12:0 a.m.•26 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2024:2064-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2064-1 advisory. - Update to version 1.3.1 - CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys...

7.5CVSS7.3AI score0.00145EPSS

OpenVAS•added 2024/06/19 12:0 a.m.•18 views

openSUSE Security Advisory (SUSE-SU-2024:2064-1)

OSV•added 2024/06/18 11:14 a.m.•12 views

SUSE-SU-2024:2064-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: - Update to version 1.3.1 - CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys. bsc1226138...

Tenable Nessus•added 2024/06/18 12:0 a.m.•21 views

Exploits1References3

Fedora 40 : python-authlib (2024-7cc9a030d9)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7cc9a030d9 advisory. Update to v1.3.1 CVE-2024-37568 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.5CVSS7.4AI score0.00145EPSS

OSV•added 2024/06/15 12:0 a.m.•13 views

OPENSUSE-SU-2024:14035-1 python310-Authlib-1.3.1-1.1 on GA media

These are all security issues fixed in the python310-Authlib-1.3.1-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE•added 2024/06/11 2:5 a.m.•2 views

Exploits1References1

SUSE CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS9.2AI score0.00145EPSS