Lucene search
K

133 matches found

RedHat Linux
RedHat Linux
added 9 hours ago7 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

7.4CVSS6AI score0.00394EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 9 hours ago6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 9 hours ago6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 11 hours ago6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-55459

Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.7 and earlier Description An authentication bypass exists when the verification key provided to joserfc.jwt.decode is an empty string or None. This occurs because the HMACAlgorithm.verify and HMACAlgorithm.sign functions...

8.7CVSS6AI score
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago4 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.8AI score0.00394EPSS
Exploits1References5
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/29 12:0 a.m.8 views

SimpleHelp Authentication Bypass Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacke...

10CVSS5.9AI score0.0116EPSS
In wildExploits1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

SUSE SLES16 Security Update : python-PyJWT (SUSE-SU-2026:22170-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22170-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to...

7.4CVSS5.8AI score0.00394EPSS
Exploits4References16
OSV
OSV
added 2026/06/25 8:13 a.m.2 views

SUSE-SU-2026:2627-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery bsc1266798. - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are...

7.4CVSS5.8AI score0.00394EPSS
Exploits4References9
Rockylinux
Rockylinux
added 2026/06/17 12:3 p.m.19 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...

7.4CVSS5.4AI score0.00394EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/06/16 12:16 p.m.8 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.5AI score0.00394EPSS
Exploits1References5
Rockylinux
Rockylinux
added 2026/06/16 12:4 p.m.5 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...

7.4CVSS5.4AI score0.00394EPSS
Exploits1
OSV
OSV
added 2026/06/16 9:9 a.m.3 views

SUSE-SU-2026:22138-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery bsc1266798. - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are...

7.4CVSS5.3AI score0.00394EPSS
Exploits4References11
OSV
OSV
added 2026/06/15 7:28 p.m.5 views

GHSA-XGMM-8J9V-C9WX PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

!NOTE Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in algorithms=… and a raw-JSON JWK as the key= argument, both contrary to documented usage, hence the High attack-complexity rating. Summary When the verifier is decoding JSON Web Tokens, while...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.12 views

RHEL 10 : fence-agents (RHSA-2026:25902)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25902 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachabl...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/12 5:7 p.m.10 views

CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS5.5AI score0.0116EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/12 5:7 p.m.42 views

EUVD-2026-36509

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS5.5AI score0.0116EPSS
Exploits1References3
CVE
CVE
added 2026/06/12 5:7 p.m.221 views

CVE-2026-48558

Summary of vulnerability (CVE-2026-48558) : SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...

10CVSS5.5AI score0.0116EPSS
In wildExploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.1 through 5.5.15 SimpleHelp versions 6.0 pre-release through 6.0 RC1 Description An authentication bypass exists in the OpenID Connect OIDC authentication flow. The server fails to verify the cryptographic signature of...

10CVSS6.2AI score0.0116EPSS
Exploits1References121
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48473

Name of the Vulnerable Software and Affected Versions go-base versions prior to the May 17, 2026 patch Description The software contains a hardcoded JWT signing secret set to "random" in the dev.env template and as a programmatic fallback in the viper.SetDefault function within cmd/serve.go. A...

9.1CVSS5.9AI score0.00055EPSS
Exploits0References6
Rows per page
Query Builder