Lucene search
K

3584 matches found

EUVD
EUVD
added 2026/05/15 4:51 p.m.12 views

EUVD-2026-30571

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.12 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 8:16 p.m.31 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:12 p.m.50 views

CVE-2026-44351 fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 7:12 p.m.7 views

CVE-2026-44351 fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:12 p.m.8 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 7:12 p.m.39 views

CVE-2026-44351

CVE-2026-44351 — fast-jwt auth bypass (pre-6.2.4) : The vulnerability exists in fast-jwt’s async key-resolver flow when the resolver returns an empty string or zero-length Buffer. The library may treat this as a valid secret and derive allowedAlgorithms as HS256/HS384/HS512, then verify a JWT aga...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 5:30 p.m.52 views

CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

5.3CVSS0.00248EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 5:30 p.m.32 views

CVE-2026-44003

vm2 (Node.js sandbox) prior to version 3.11.0 includes a transformer fast-path that bypasses AST analysis when code does not contain catch, import, or async, allowing sandboxed code to access internal state VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL and its security helpers (handleExcepti...

5.8CVSS5.8AI score0.00248EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/13 4:16 p.m.44 views

CVE-2026-44665

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.39 views

CVE-2026-44664

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS0.00194EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 3:27 p.m.67 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS0.00194EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:27 p.m.7 views

CVE-2026-44664

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 3:27 p.m.11 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 3:27 p.m.27 views

CVE-2026-44664

The CVE concerns fast-xml-builder, which converts JSON to XML. In version 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitized -- sequences in XML comments via .replace(/--/g, '- -'), allowing an attacker to break out of a comment and inject arbitrary XML/HTML. The issue is addressed in...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:24 p.m.15 views

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 3:24 p.m.33 views

CVE-2026-44665

Summary of CVE-2026-44665 details (from provided sources): The vulnerability affects the fast-xml-builder library, where input data containing quotes in attribute values, if the processEntities flag is not enabled, can cause an attribute value to be split into multiple attributes. This enables an...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:24 p.m.75 views

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.00209EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.8 views

SUSE CVE-2026-43305

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path Why The evaluation for whether we need to use the DMUB HW lock isn't the same as whether we need to unlock which results in a hang when the fast path is us...

5.8AI score0.00083EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

fast-jwt 授权问题漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.2.4 contained an authorization vulnerability. This vulnerability stemmed from a critical authentication bypass in the asynchronous key resolution process, allowing unauthenticated attackers to...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
Rows per page
Query Builder