Lucene search
K

8 matches found

PyPA
PyPA
added 2026/05/28 4:16 p.m.24 views

PYSEC-2026-178

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS5.8AI score0.00288EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/28 3:11 p.m.41 views

CVE-2026-48525 PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS0.00288EPSS
Exploits1References1
Snyk
Snyk
added 2025/05/19 9:54 p.m.2 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:openpgp is a JavaScript implementation of the OpenPGP protocol. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the openpgp.verify or openpgp.decrypt functions. An attacker can manipulate the message content to...

8.7CVSS6.8AI score0.00642EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.5 views

SUSE CVE-2006-0455

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also...

4.6CVSS7.2AI score0.01327EPSS
Exploits1References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

GnuPG 1.x Detached Signature Verification Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2006/03/15 4:36 p.m.7 views

security flaw

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also...

4.6CVSS7.2AI score0.01327EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2006/02/15 10:0 p.m.24 views

CVE-2006-0455

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also...

4.6CVSS6.3AI score0.01327EPSS
Exploits1
Exploit DB
Exploit DB
added 2006/02/15 12:0 a.m.33 views

GnuPG 1.x - Detached Signature Verification Bypass

source: https://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed. Exploiting this issue allows...

7.4AI score
Exploits0
Rows per page
Query Builder