Lucene search
+L

548 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-62290

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19.6 and 1.20.3, Challenge resources under acme.cert-manager.io can be created directly by namespace...

7.3CVSS0.00078EPSS
Exploits0References7
NVD
NVD
added 3 days ago6 views

CVE-2026-49998

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.1, Centrifugo dynamic JWKS endpoint verification could reuse a key for one allowed issuer to verify a JWT for another allowed issuer because the JWKS cache and singleflight lookup were keyed only by JWT header kid, not...

8.2CVSS0.00266EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-62290 cert-manager: Direct ACME Challenge resources can bypass Issuer DNS01 solver policy and use ClusterIssuer DNS credentials

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19.6 and 1.20.3, Challenge resources under acme.cert-manager.io can be created directly by namespace...

7.3CVSS0.00078EPSS
Exploits0References7
CVE
CVE
added 3 days ago10 views

CVE-2026-62290

Affected software/area: cert-manager in Kubernetes clusters (certificates and issuers as resources). Vulnerability: Between 1.18.0 and 1.19.6, and 1.20.3, Challenge resources under acme.cert-manager.io could be created by namespace users without admission validation, allowing attacker-controlled ...

7.3CVSS6.1AI score0.00078EPSS
Exploits0References7
OSV
OSV
added 3 days ago2 views

CVE-2026-49998 Centrifugo: Dynamic JWKS key cache keyed only by `kid` allows cross-issuer JWT authentication bypass

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.1, Centrifugo dynamic JWKS endpoint verification could reuse a key for one allowed issuer to verify a JWT for another allowed issuer because the JWKS cache and singleflight lookup were keyed only by JWT header kid, not...

8.2CVSS5.3AI score0.00266EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-49998 Centrifugo: Dynamic JWKS key cache keyed only by `kid` allows cross-issuer JWT authentication bypass

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.1, Centrifugo dynamic JWKS endpoint verification could reuse a key for one allowed issuer to verify a JWT for another allowed issuer because the JWKS cache and singleflight lookup were keyed only by JWT header kid, not...

8.2CVSS0.00266EPSS
Exploits0References4
CVE
CVE
added 3 days ago30 views

CVE-2026-49998

CVE-2026-49998 describes a cross-issuer JWT authentication bypass in Centrifugo prior to v6.8.1 caused by the JWKS cache and singleflight lookup being keyed only by the JWT header kid. The JWKS URL is resolved later from tokenVars to a per-tenant endpoint, but caches (and TTL) and the in-flight f...

8.2CVSS6.1AI score0.00266EPSS
Exploits0References4
OSV
OSV
added 5 days ago5 views

JLSEC-2026-694 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer...

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS6.1AI score0.00121EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-45069

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

9.1CVSS0.00232EPSS
Exploits0References4
CVE
CVE
added 5 days ago45 views

CVE-2026-45069

CVE-2026-45069 concerns Symfony’s OidcTokenHandler, where verifyClaims() registered aud/iss/exp checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(). Consequently, a validly signed JWT missing these claims could pass verification. The issue is fixed in Symfony relea...

9.1CVSS6.1AI score0.00232EPSS
Exploits0References4Affected Software1
OSV
OSV
added 5 days ago5 views

CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References6
NVD
NVD
added 5 days ago9 views

CVE-2026-55954

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
CVE
CVE
added 5 days ago14 views

CVE-2026-55954

CVE-2026-55954 affects ueberauth_apple (v0.1.0 up to but not including v0.6.2). The root cause is lack of validation for registered ID token claims (iss, aud, exp, iat) in Ueberauth.Strategy.Apple.Token.payload/2; the code uses the unvalidated sub to derive the user uid and email. An attacker who...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References4
OSV
OSV
added 5 days ago5 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS6.1AI score0.00411EPSS
Exploits0References9
NVD
NVD
added 2026/07/12 12:16 p.m.11 views

CVE-2026-56271

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS0.00376EPSS
Exploits0References2
OSV
OSV
added 2026/07/12 12:6 p.m.6 views

CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.3CVSS6.1AI score0.00376EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 5:22 p.m.8 views

EUVD-2026-42963

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/10 4:58 p.m.8 views

EUVD-2026-42958

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer iss but not the audience aud claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted ...

4.2CVSS6.1AI score0.00112EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:6 p.m.6 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS6AI score0.00301EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/09 9:6 p.m.57 views

CVE-2026-55689

OpenFGA’s OIDC authentication could accept tokens from the same identity provider for a different application when authn.method=oidc and authn.oidc.issuer is configured but authn.oidc.audience is unset (pre-1.18.0). This allowed unauthorized authentication to OpenFGA. The issue is fixed in OpenFG...

8.1CVSS6AI score0.00301EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder