SUSE CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Base64URL decoding process. An attacker can cause excessive CPU and memory consumption by supplying an arbitrarily large payload segment when verifying detached JWS tokens wit...

PYSEC-0000-CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

CVE-2026-48525

PyJWT (Python) versions 2.8.0–2.12.1 expose an unauthenticated DoS when verifying detached JWS with the unencoded-payload option (b64: false, RFC 7797). PyJWT decodes the middle payload segment for detached-payload verification, then discards it and replaces it with the caller-provided detached_p...

PT-2026-34782

OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a bypass vulnerability in the webhook signature processing mechanism. The vulnerability allowed attacke...

EUVD-2026-13557

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability CWE-918 in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode it, and pass the resulting URL to ffmpeg as an...

AVideo Encoder getImage.php Unauthenticated Command Injection

This module exploits an unauthenticated OS command injection vulnerability in AVideo Encoder's getImage.php endpoint CVE-2026-29058. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any sanitization or use of...

Ubuntu: Security Advisory (USN-8085-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their...

GHSA-73J8-2GCH-69RQ .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their...

USN-8085-1: .NET vulnerabilities

It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. CVE-2026-26127...

USN-8085-1 dotnet8, dotnet9, dotnet10 vulnerabilities

It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. CVE-2026-26127...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commi...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit ...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

Out-of-bounds Read

Overview Microsoft.Bcl.Memory is a package that provides Index and Range types to simplify slicing operations on collections for .NET Framework and .NET Standard 2.0. Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...