CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/08 9:54 p.m.•27 views

CVE-2026-42206 Roadiz OpenID Connect nonce generated but never validated — ID token replay attack

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

7.1CVSS0.00021EPSS

Positive Technologies•added 2026/05/06 12:0 a.m.•2 views

PT-2026-38263

Name of the Vulnerable Software and Affected Versions auth0-js versions 8.11.0 through 9.32.0 Description Improper validation in the Auth0.js SDK may allow the return of user profile data when a specifically crafted invalid ID token is used in conjunction with a valid access token. This issue...

7.1CVSS5.6AI score0.00032EPSS

Exploits0References5

OSV•added 2026/04/29 8:51 p.m.•4 views

GHSA-3GX8-Q682-38MX OpenID Connect nonce generated but never validated — ID token replay attack

Summary The roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never stores it and never validates it on the callback. The OpenIdJwtConfigurationFactory validation chain does not include a...

7.1CVSS5.9AI score0.00021EPSS

Exploits0References3

Github Security Blog•added 2026/04/29 8:51 p.m.•4 views

OpenID Connect nonce generated but never validated — ID token replay attack

7.1CVSS5.6AI score0.00021EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2026/03/19 5:56 p.m.•6 views

MinIO has JWT Algorithm Confusion in OIDC Authentication

Impact What kind of vulnerability is it? Who is impacted? A JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. An...

9.8CVSS5.8AI score0.00034EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2026/03/17 12:24 a.m.•1 views

SUSE CVE-2026-28498

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

9.1CVSS5.8AI score0.00029EPSS

Exploits1References4

CNNVD•added 2026/03/16 12:0 a.m.•2 views

Authlib 安全漏洞

Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the OpenID Connect ID token verification logic,...

8.2CVSS7.3AI score0.00029EPSS

Exploits1References4

OSV•added 2026/03/11 4:42 p.m.•3 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.8AI score0.00042EPSS

Exploits0References3

RedhatCVE•added 2026/02/04 7:28 p.m.•3 views

CVE-2025-62600

eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...

8.6CVSS6AI score0.00025EPSS

RedhatCVE•added 2026/02/04 7:28 p.m.•2 views

CVE-2025-62601

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

7.5CVSS5.8AI score0.00021EPSS

RedhatCVE•added 2026/02/04 7:28 p.m.•4 views

CVE-2025-62599

8.6CVSS6AI score0.00025EPSS

NVD•added 2026/02/03 8:15 p.m.•4 views

CVE-2025-64098

6.3CVSS0.00026EPSS

NVD•added 2026/02/03 8:15 p.m.•5 views

CVE-2025-62602

7.5CVSS0.00026EPSS

NVD•added 2026/02/03 8:15 p.m.•3 views

CVE-2025-62601

7.5CVSS0.00021EPSS

Snyk•added 2026/02/03 7:49 p.m.•2 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the readBinaryPropertySeq function when handling manipulated DATA Submessages with altered length fields. An attacker can cause a remote out-of-memory condition and terminate the service by sending...

8.6CVSS5.6AI score0.00025EPSS

Exploits0References2

Vulnrichment•added 2026/02/03 7:29 p.m.•7 views

CVE-2025-64098 FastDDS has Out-of-memory in readOctetVector via Manipulated DATA Submessage when DDS Security is enabled

OSV•added 2026/02/03 7:29 p.m.•3 views

CVE-2025-64098 FastDDS has Out-of-memory in readOctetVector via Manipulated DATA Submessage when DDS Security is enabled

CVE•added 2026/02/03 7:29 p.m.•7 views

Exploits0References7

CVE-2025-64098

CVE-2025-64098 affects Fast DDS (DDS security enabled) where an attacker tampering with PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN in the DATA Submessage of SPDP can trigger a 32-bit integer overflow in readOctetVector, causing std::vector::resize to allocate attacker-controlled sizes and leadin...

Exploits0References4Affected Software1

EUVD•added 2026/02/03 7:29 p.m.•4 views

EUVD-2025-206667