Lucene search
K

509 matches found

OSV
OSV
added 2026/05/14 1:13 p.m.45 views

GHSA-FFG9-J72F-J6XM Fleet Windows MDM Azure AD JWT Authentication Bypass

Summary A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud audience or iss issuer claims, any Microsoft-signed...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/14 1:13 p.m.20 views

Fleet Windows MDM Azure AD JWT Authentication Bypass

Summary A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud audience or iss issuer claims, any Microsoft-signed...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/11 5:58 p.m.3 views

EUVD-2026-11304

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 5:58 p.m.7 views

GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/11 5:58 p.m.12 views

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-017587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017587 advisory. The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509...

5.9CVSS6.7AI score0.07471EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.47 views

PT-2026-39329

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This occurs because the...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/05/06 9:23 p.m.35 views

curl: CURLOPT_PROXY_CRLFILE / CURLOPT_PROXY_ISSUERCERT / CURLOPT_PROXY_ISSUERCERT_BLOB silently ignored on backends that don't support them

From the Mythos report 2026-05-06 F1. CURLOPTPROXYCRLFILE / CURLOPTPROXYISSUERCERT / CURLOPTPROXYISSUERCERTBLOB silently ignored on backends that don't support them — severity Low https://github.com/curl/curl/blob/455bebc2c7/lib/setopt.cL1786-L1797...

6.5CVSS6.5AI score0.01299EPSS
Exploits3
Chainguard
Chainguard
added 2026/05/06 7:17 p.m.13 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: falcosidekick, peerdb-flow, sftpgo, chainloop-control-plane, kuma, argo-workflows-fips, gitlab-cng, kube-bench-fips, harbor-fips, pgtimetable-fips, rke2-cloud-provider, opentelemetry-collector-contrib, src, gitaly-fips, kine, spqr, kots, sftpgo-plugin-eventstore,...

9.8CVSS6.1AI score0.00356EPSS
Exploits0
OSV
OSV
added 2026/05/05 5:15 p.m.5 views

GHSA-9HMG-827W-9RHJ nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token

Summary The v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims. This allows a Verifiable Presentation VP JWT to be replayed as an access token and...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/05 5:15 p.m.23 views

nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token

Summary The v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims. This allows a Verifiable Presentation VP JWT to be replayed as an access token and...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.17 views

PT-2026-37245

Name of the Vulnerable Software and Affected Versions nuts-node versions prior to 5.4.31 nuts-node versions prior to 6.2.3 Description The v1 access token introspection endpoint '/auth/v1/introspect access token' accepts any JSON Web Token JWT signed by a key present on the node without validatin...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/04 9:24 p.m.15 views

Pelican Web UI Affected by a Privilege Escalation Attack

Background On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...

9CVSS5.7AI score0.0032EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/27 6:33 p.m.9 views

JLSEC-2026-222 Integer Overflow in openssl-src

The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

5.9CVSS6.3AI score0.07471EPSS
Exploits0References30
RedhatCVE
RedhatCVE
added 2026/04/23 6:17 p.m.4 views

CVE-2026-33557

A flaw was found in Apache Kafka. By default, the sasl.oauthbearer.jwt.validator.class property is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator, which does not validate JSON Web Token JWT signatures, issuers, or audiences. A remote attacker can exploit this by crafting ...

9.1CVSS5.8AI score0.00581EPSS
Exploits0References6
OSV
OSV
added 2026/04/22 6:30 a.m.5 views

GHSA-CVC6-Q2CP-2XHW Spring Security has Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator. This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:30 a.m.12 views

Spring Security has Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator. This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

6.5CVSS5.1AI score0.00203EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 5:15 a.m.4 views

CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS5.7AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 9:18 p.m.25 views

CVE-2026-40946

Oxia (metadata store and coordination system) prior to version 0.16.2 allows OIDC tokens to bypass standard audience validation. The root cause is that the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling aud claim validati...

9.2CVSS5.7AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 12:4 a.m.3 views

JLSEC-2026-173

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service daemon exit via a short timestamp. This is related to schemainit.c and checkTime...

7.5CVSS7.1AI score0.64147EPSS
Exploits1References16
Rows per page
Query Builder