CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

319 matches found

UbuntuCve•added 2026/03/16 6:16 p.m.•1 views

CVE-2026-27962

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...

9.1CVSS7.1AI score0.00081EPSS

Exploits1References2

UbuntuCve•added 2026/03/16 6:16 p.m.•1 views

CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS5.8AI score0.00016EPSS

Exploits1References2

OSV•added 2026/03/16 6:16 p.m.•1 views

UBUNTU-CVE-2026-28490

8.3CVSS5.7AI score0.00016EPSS

Exploits1References3

OSV•added 2026/03/16 6:16 p.m.•2 views

UBUNTU-CVE-2026-28498

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

8.2CVSS5.7AI score0.00029EPSS

Exploits1References3

OSV•added 2026/03/16 6:3 p.m.•3 views

CVE-2026-28498 Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

8.2CVSS7.1AI score0.00029EPSS

Exploits1References5

Vulnrichment•added 2026/03/16 6:3 p.m.•4 views

CVE-2026-28498 Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

8.2CVSS5.7AI score0.00029EPSS

Exploits1References3

Cvelist•added 2026/03/16 6:3 p.m.•24 views

CVE-2026-28498 Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

8.2CVSS0.00029EPSS

Exploits1References3

Debian CVE•added 2026/03/16 6:3 p.m.•6 views

CVE-2026-28498

8.2CVSS8.2AI score0.00029EPSS

Exploits1

CVE•added 2026/03/16 6:3 p.m.•15 views

CVE-2026-28498

In Authlib (Python), prior to version 1.6.9, a library‑level vulnerability in the OIDC ID Token validation path (_verify_hash) can fail‑open when an unsupported/unknown alg is used for at_hash/c_hash. An attacker could present a forged ID Token with an unrecognized alg header and bypass mandatory...

8.2CVSS5.8AI score0.00029EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/03/16 5:37 p.m.•3 views

CVE-2026-28490

8.3CVSS5.7AI score0.00016EPSS

Exploits1References4Affected Software1

OSV•added 2026/03/16 5:37 p.m.•4 views

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

8.3CVSS5.8AI score0.00016EPSS

Exploits1References5

Cvelist•added 2026/03/16 5:37 p.m.•20 views

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

8.3CVSS0.00016EPSS

Exploits1References3

CVE•added 2026/03/16 5:37 p.m.•16 views

CVE-2026-28490

Authlib (Python) RSA1_5 JWE handling is vulnerable to Bleichenbacher padding oracle attacks. The issue stems from a length check in RSAAlgorithm.unwrap() that raises a distinct exception when padding is invalid, destroying the cryptographic BLEichenbacher mitigation provided by cryptography v46.0...

8.3CVSS5.7AI score0.00016EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/03/16 5:37 p.m.•3 views

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

8.3CVSS5.7AI score0.00016EPSS

Exploits1References3

Debian CVE•added 2026/03/16 5:37 p.m.•4 views

CVE-2026-28490

8.3CVSS5.3AI score0.00016EPSS

Exploits1

Vulnrichment•added 2026/03/16 5:34 p.m.•1 views

CVE-2026-27962 Authlib JWS JWK Header Injection: Signature Verification Bypass