127 matches found

CISA KEV Catalog
added 3 days ago · 8 views

SimpleHelp Authentication Bypass Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacke...

CVSS 10 · AI score 5.9 · EPSS 0.0116
In wild · Exploits 0
Tenable Nessus
added 6 days ago · 12 views

SUSE SLES16 Security Update : python-PyJWT (SUSE-SU-2026:22170-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22170-1 advisory. This update for python-PyJWT fixes the following issues: - CVE-2026-48522: PyJWKClient passes URI arguments directly to...

CVSS 7.4 · AI score 5.8 · EPSS 0.00379
Exploits 4 · References 16
OSV
added 2026/06/25 8:13 a.m. · 2 views

SUSE-SU-2026:2627-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery (bsc#1266798). - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are...

CVSS 7.4 · AI score 5.8 · EPSS 0.00379
Exploits 4 · References 9
Rockylinux
added 2026/06/17 12:03 p.m. · 19 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The fence-agents packages provide a collection of scripts for handling...

CVSS 7.4 · AI score 5.4 · EPSS 0.00379
Exploits 1
RedHat Linux
added 2026/06/16 12:16 p.m. · 8 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

CVSS 7.4 · AI score 5.5 · EPSS 0.00379
Exploits 1 · References 5
Rockylinux
added 2026/06/16 12:04 p.m. · 5 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The fence-agents packages provide a collection of scripts for handling...

CVSS 7.4 · AI score 5.4 · EPSS 0.00379
Exploits 1
OSV
added 2026/06/16 9:09 a.m. · 3 views

SUSE-SU-2026:22138-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery (bsc#1266798). - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are...

CVSS 7.4 · AI score 5.3 · EPSS 0.00379
Exploits 4 · References 11
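The SUSE entries above describe CVE-2026-48522 as PyJWKClient handing a caller-supplied URI straight to urllib.request.urlopen, which turns the key-fetch step into an SSRF primitive and, if the attacker can steer it to a JWKS they control, into token forgery. The following is an added example written for this page, not PyJWT's code or its fix: a stdlib-only JWKS fetcher that canonicalises the configured JWKS URL, rejects anything that is not an https URL on an explicit allow-list (IP literals, userinfo tricks, other schemes), and never dereferences a jku or x5u value from the token header. The issuer URL login.example.com and the _constructed_opener stand-in for urlopen are assumptions so the example runs offline.

```python
import io
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

# Hypothetical issuer configuration: the only JWKS endpoint this verifier will ever contact.
ALLOWED_JWKS_URLS = frozenset({"https://login.example.com/.well-known/jwks.json"})


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def normalize_jwks_url(url: str) -> str:
    """Canonicalise a candidate JWKS URL, rejecting forms that could steer the fetch
    to an internal service (cloud metadata, localhost) or an attacker-controlled host."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        raise ValueError("JWKS URL must use https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in JWKS URL is not allowed")
    host = (parts.hostname or "").lower()
    if not host or _is_ip_literal(host):
        raise ValueError("JWKS host must be a DNS name, not an IP literal")
    port = parts.port  # raises ValueError on a malformed port
    netloc = host if port in (None, 443) else f"{host}:{port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{netloc}{parts.path or '/'}{query}"  # fragment is dropped


def jwks_url_for_token(header: dict, configured_url: str, allowed=ALLOWED_JWKS_URLS) -> str:
    """Decide where keys for this token may be fetched from.

    The token header's jku/x5u fields are attacker-controlled and are never dereferenced;
    only the issuer's configured JWKS URL is used, and only if it is on the allow-list.
    A header that points elsewhere is treated as an attack, not as a hint.
    """
    url = normalize_jwks_url(configured_url)
    if url not in allowed:
        raise ValueError(f"{url} is not an allow-listed JWKS endpoint")
    for field in ("jku", "x5u"):
        if field in header and normalize_jwks_url(str(header[field])) != url:
            raise ValueError(f"token header {field} points away from the configured JWKS")
    return url


def fetch_jwks(url: str, opener=urllib.request.urlopen) -> dict:
    """Fetch and parse a JWKS document. `opener` is injectable so the example runs offline."""
    if url not in ALLOWED_JWKS_URLS:
        raise ValueError("refusing to fetch a non-allow-listed URL")
    with opener(url, timeout=5) as resp:
        doc = json.loads(resp.read())
    if not isinstance(doc.get("keys"), list):
        raise ValueError("JWKS document has no 'keys' array")
    return doc


def _constructed_opener(url, timeout=None):
    """Constructed stand-in for urlopen: serves a fixed JWKS for the allow-listed URL only."""
    if url not in ALLOWED_JWKS_URLS:
        raise AssertionError("network access attempted for " + url)
    jwks = {"keys": [{"kty": "RSA", "kid": "example-kid", "use": "sig"}]}  # constructed, no key material
    return io.BytesIO(json.dumps(jwks).encode())


def run_demo() -> dict:
    """Run each candidate URL through the allow-list; returns the decision per case."""
    candidates = {
        "configured": "https://login.example.com/.well-known/jwks.json",
        "case_and_port_variant": "HTTPS://Login.Example.com:443/.well-known/jwks.json#frag",
        "plain_http": "http://login.example.com/.well-known/jwks.json",
        "cloud_metadata": "https://169.254.169.254/latest/meta-data/",
        "userinfo_trick": "https://login.example.com@evil.example/jwks.json",
        "file_scheme": "file:///etc/passwd",
        "other_host": "https://evil.example/.well-known/jwks.json",
    }
    results = {}
    for name, url in candidates.items():
        try:
            results[name] = jwks_url_for_token({}, url)
        except ValueError as exc:
            results[name] = "rejected: " + str(exc)
    # Configured URL is fine, but the token tries to redirect key lookup via jku.
    try:
        jwks_url_for_token({"alg": "RS256", "jku": "https://evil.example/jwks.json"},
                           candidates["configured"])
        results["jku_redirect"] = "accepted"
    except ValueError as exc:
        results["jku_redirect"] = "rejected: " + str(exc)
    results["fetched_keys"] = len(fetch_jwks(results["configured"], opener=_constructed_opener)["keys"])
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:24} {outcome}")
```

The allow-list is checked twice on purpose: once when deciding the URL and again inside fetch_jwks, so a refactor that bypasses jwks_url_for_token still cannot make the fetcher open an arbitrary URL.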
OSV
added 2026/06/15 7:28 p.m. · 5 views

GHSA-XGMM-8J9V-C9WX PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

Note: Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in algorithms=… and a raw-JSON JWK as the key= argument, both contrary to documented usage, hence the High attack-complexity rating. Summary: When the verifier is decoding JSON Web Tokens, while...

CVSS 7.4 · AI score 5.4 · EPSS 0.00379
Exploits 1 · References 4
Tenable Nessus
added 2026/06/15 12:00 a.m. · 10 views

RHEL 10 : fence-agents (RHSA-2026:25902)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25902 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachabl...

CVSS 7.4 · AI score 5.4 · EPSS 0.00379
Exploits 1 · References 4
Vulnrichment
added 2026/06/12 5:07 p.m. · 10 views

CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

CVSS 10 · AI score 5.5 · EPSS 0.0116
Exploits 0 · References 3
CVE
added 2026/06/12 5:07 p.m. · 178 views

CVE-2026-48558

Summary of vulnerability (CVE-2026-48558) : SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...

CVSS 10 · AI score 5.5 · EPSS 0.0116
In wild · Exploits 0 · References 5 · Affected software 1
EUVD
added 2026/06/12 5:07 p.m. · 35 views

EUVD-2026-36509

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

CVSS 10 · AI score 5.5 · EPSS 0.0116
Exploits 0 · References 3
Positive Technologies
added 2026/06/12 12:00 a.m. · 16 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions: SimpleHelp versions 5.5.15 and earlier; SimpleHelp 6.0 pre-release versions. Description: An authentication bypass exists in the OpenID Connect (OIDC) authentication flow. When OIDC is configured, the software accepts identity tokens during login...

CVSS 10 · AI score 6.2 · EPSS 0.0116
Exploits 0 · References 110
Positive Technologies
added 2026/06/10 12:00 a.m. · 14 views

PT-2026-48473

Name of the Vulnerable Software and Affected Versions: go-base versions prior to the May 17, 2026 patch. Description: The software contains a hardcoded JWT signing secret set to "random" in the dev.env template and as a programmatic fallback in the viper.SetDefault function within cmd/serve.go. A...

CVSS 9.1 · AI score 5.9 · EPSS 0.00055
Exploits 0 · References 6
CNNVD
added 2026/06/09 12:00 a.m. · 12 views

bookcars security vulnerability

BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. The vulnerability stems from an insecure authentication mechanism in the /api/social-sign-in endpoint, which could allow attackers to bypass authentication using...

CVSS 9.1 · AI score 5.3 · EPSS 0.00364
Exploits 0 · References 1
CNNVD
added 2026/06/09 12:00 a.m. · 11 views

bookcars security vulnerability

BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. The vulnerability stems from the lack of cryptographic signature verification in the validateAccessToken function, which may allow attackers to bypass authentication...

CVSS 9.8 · AI score 5.3 · EPSS 0.00268
Exploits 0 · References 1
CNNVD
added 2026/06/01 12:00 a.m. · 10 views

Cloud Foundry Foundation security vulnerability

Cloud Foundry is an open-source platform as a service (PaaS) offered by the Cloud Foundry Foundation. There is a security vulnerability in the Cloud Foundry Foundation's cf-auth-proxy component. The vulnerability stems from an authentication bypass, allowing unauthenticated remote attackers...

CVSS 7.5 · AI score 5.4 · EPSS 0.00393
Exploits 0 · References 1
Vulnrichment
added 2026/05/28 3:09 p.m. · 12 views

CVE-2026-48526 PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library does not validate the use of JSON Web Keys in the HMAC algorithm, allowing an attacker to use the issuer's public key as the...

CVSS 7.4 · AI score 5.8 · EPSS 0.00379
Exploits 1 · References 1
CVE
added 2026/05/28 3:09 p.m. · 126 views

CVE-2026-48526

PyJWT (Python) prior to 2.13.0 did not validate the use of JSON Web Keys in HMAC verification, allowing an attacker to use the issuer public key as the HMAC secret during token verification. This could enable forging tokens when mixing RS/EC/JWK and HS algorithms. The issue is fixed in PyJWT 2.13...

CVSS 7.4 · AI score 5.8 · EPSS 0.00379
Exploits 1 · References 15 · Affected software 1
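Two verifier failure modes recur in the entries above: SimpleHelp (CVE-2026-48558) and BookCars accept an identity token without checking its signature at all, and PyJWT before 2.13.0 (CVE-2026-48526) lets a verifier configured with both RS* and HS* algorithms use the issuer's public key as the HMAC secret, so anyone holding that public key can mint an HS256 token it will accept. The following is an added example written for this page, not code from PyJWT, SimpleHelp or BookCars: a stdlib-only JWT encoder and verifier that reproduces both failures side by side with the hardened behaviour (one algorithm family per verifier, and a refusal to use PEM-encoded key material as an HMAC secret). The PEM blob is a constructed stand-in, not a real key; the shared secret, claim names and the `verify`/`run_demo` helpers are assumptions of this example, not PyJWT's API.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for an issuer's RSA public key (hypothetical, not a real key). What
# matters for the attack is that this material is public: anyone can fetch it from the
# issuer's JWKS or discovery document.
ISSUER_PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructedExamplePublicKey\n"
    b"-----END PUBLIC KEY-----\n"
)
# Hypothetical shared secret for a legitimate HS256-only deployment.
SHARED_SECRET = b"hypothetical-32-byte-shared-secret!!"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def hs256_token(payload: dict, secret: bytes) -> str:
    """Mint an HS256 token. The attacker calls this with the issuer's PUBLIC key as `secret`."""
    signing_input = _json_segment({"alg": "HS256", "typ": "JWT"}) + "." + _json_segment(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def _split(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload, parts[0] + "." + parts[1], _b64url_decode(parts[2])


def decode_without_signature(token: str) -> dict:
    """The SimpleHelp/BookCars failure mode: claims are trusted with no signature check."""
    return _split(token)[1]


def verify(token: str, key: bytes, algorithms: list, allow_mixed_families: bool = False) -> dict:
    """Verify a JWT against an algorithm allow-list.

    With allow_mixed_families=True and algorithms spanning RS* and HS*, this reproduces the
    pre-2.13.0 PyJWT behaviour described above: the token header selects HS256 and the configured
    key, a public key, is silently used as the HMAC secret. The default refuses that configuration
    and additionally refuses PEM-encoded material as an HMAC secret.
    """
    families = {alg[:2] for alg in algorithms}
    if not allow_mixed_families and len(families) > 1:
        raise ValueError("algorithms must come from a single family (all HS* or all RS*/ES*)")
    header, payload, signing_input, sig = _split(token)
    alg = header.get("alg")
    if alg not in algorithms:
        raise ValueError(f"alg {alg!r} not in allow-list")
    if alg == "HS256":
        if not allow_mixed_families and key.lstrip().startswith(b"-----BEGIN"):
            raise ValueError("PEM-encoded key material must never be used as an HMAC secret")
        expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise ValueError("bad signature")
        return payload
    # RS256/ES256 verification needs a crypto library and a real key pair; this stdlib-only
    # example only ever has a forged HS256 token to examine, so it stops here.
    raise ValueError(f"{alg} verification not implemented in this example")


def run_demo() -> dict:
    """Run the forged token through each verifier; returns what each one did."""
    forged = hs256_token({"sub": "attacker", "role": "admin"}, ISSUER_PUBLIC_KEY_PEM)
    legit = hs256_token({"sub": "alice", "role": "user"}, SHARED_SECRET)
    outcomes = {
        "no_signature_check": decode_without_signature(forged)["role"],
        "mixed_families_public_key": verify(
            forged, ISSUER_PUBLIC_KEY_PEM, ["RS256", "HS256"], allow_mixed_families=True)["role"],
        "legit_hs256_pinned": verify(legit, SHARED_SECRET, ["HS256"])["role"],
    }
    for name, algs in (("single_family_enforced", ["RS256", "HS256"]), ("pinned_rs256", ["RS256"])):
        try:
            verify(forged, ISSUER_PUBLIC_KEY_PEM, algs)
            outcomes[name] = "accepted"
        except ValueError as exc:
            outcomes[name] = "rejected: " + str(exc)
    return outcomes


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:28} {result}")
```

The two rejections come from different checks, which is the point: pinning the allow-list to one family stops the header from steering the verifier into HMAC mode, and refusing PEM material as an HMAC secret catches a misconfigured deployment even if someone later relaxes the family check.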
CNNVD
added 2026/05/28 12:00 a.m. · 10 views

rustfs security vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability stemmed from the use of embedded test private keys for license verification, allowing anyone to forge any license token...

CVSS 8.7 · AI score 5.8 · EPSS 0.00239
Exploits 0 · References 2