Lucene search
+L

29 matches found

osv
osv
added 2 days ago3 views

CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

8.8CVSS6.1AI score0.00242EPSS
Exploits0References6
cve
cve
added 2 days ago42 views

CVE-2026-45069

CVE-2026-45069 concerns Symfony’s OidcTokenHandler, where verifyClaims() registered aud/iss/exp checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(). Consequently, a validly signed JWT missing these claims could pass verification. The issue is fixed in Symfony relea...

9.1CVSS6.1AI score0.00242EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2 days ago6 views

CVE-2026-55954

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
nvd
nvd
added 2026/06/29 2:16 p.m.9 views

CVE-2026-12616

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS0.00308EPSS
Exploits0References1
euvd
euvd
added 2026/06/29 1:23 p.m.8 views

EUVD-2026-40094

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.9 views

PT-2026-52117

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References7
snyk
snyk
added 2026/05/20 3:35 p.m.9 views

Improper Verification of Cryptographic Signature

Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to...

9.3CVSS5.8AI score0.00242EPSS
Exploits0References2
veracode
veracode
added 2026/05/15 10:15 a.m.17 views

Authentication Bypass

Unity Catalog is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim in JWT tokens, where the token exchange endpoint dynamically fetches JWKS data based on attacker-controlled issuer values without verifying trusted identity providers, allowing...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/05/14 9:25 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

8.2CVSS5.5AI score0.00381EPSS
Exploits0References2
github
github
added 2026/05/14 1:13 p.m.23 views

Fleet Windows MDM Azure AD JWT Authentication Bypass

Summary A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud audience or iss issuer claims, any Microsoft-signed...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2026/05/11 5:58 p.m.4 views

EUVD-2026-11304

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/12 9:19 p.m.1 views

CVE-2026-32301 Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...

9.3CVSS5.8AI score0.00258EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/03/11 7:36 p.m.2 views

CVE-2026-27478

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/03/11 7:36 p.m.7 views

CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References3
nessus
nessus
added 2026/02/26 12:0 a.m.8 views

Apache Camel 4.15.0 < 4.18.0 Authentication Bypass (CVE-2026-23552)

The version of Apache Camel on the remote host is 4.15.0 prior to 4.18.0. It is, therefore, affected by an authentication bypass vulnerability: - The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one...

9.1CVSS6AI score0.00398EPSS
Exploits2References2
redhatcve
redhatcve
added 2026/02/24 1:34 p.m.11 views

CVE-2026-23552

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

9.1CVSS5.4AI score0.00398EPSS
Exploits2References1
snyk
snyk
added 2026/02/23 9:31 a.m.7 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the KeycloakSecurityPolicy which does not validate the iss issuer claim of JWT tokens against the configured realm. An attacker can gain unauthorized access to resources by providing a JWT token issued by a...

9.3CVSS6AI score0.00398EPSS
Exploits2References2
nvd
nvd
added 2026/02/23 9:17 a.m.14 views

CVE-2026-23552

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

9.1CVSS0.00398EPSS
Exploits2References3
cnnvd
cnnvd
added 2026/02/23 12:0 a.m.13 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern from the Apache Foundation in the United States. This framework provides implementations of Java objects following the Enterprise Integration Pattern and allows routing and mediation rules to be...

9.1CVSS5.8AI score0.00398EPSS
Exploits2References3
redhatcve
redhatcve
added 2025/05/23 6:43 a.m.9 views

CVE-2024-47807

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the iss Issuer claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

8.1CVSS7AI score0.00632EPSS
Exploits0
Rows per page
Query Builder