Lucene search
K

490 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39578

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:16 p.m.5 views

UBUNTU-CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 9:16 p.m.23 views

CVE-2026-10098 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS0.00121EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 9:16 p.m.13 views

CVE-2026-10098

CVE-2026-10098: In wolfSSL_OCSP_resp_find_status, OCSP CertID serial-number length-confusion allows a same-issuer SingleResponse whose serial is a prefix of the target’s to be reported as the status of another certificate. The vulnerability arises because the lookup compares serial-number bytes w...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 9:16 p.m.4 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.29 views

PT-2026-52590

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A length-confusion issue exists in the wolfSSL OCSP resp find status function. The lookup process compares serial-number bytes without verifying that the two serial numbers are of equal lengt...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-55759

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

7.4CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:7 p.m.8 views

CVE-2026-55759

Rocket.Chat Apple Sign-In had a JWT claims validation bypass prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. Any Apple-signed JWT with a non-empty iss could be accepted regardless of aud, exp, nbf, or nonce, enabling replay authentication if an attacker obtains a user’s identity t...

7.4CVSS5.9AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:7 p.m.15 views

CVE-2026-55759 Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

7.4CVSS0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52117

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.13 views

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1842)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1842 advisory. PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate u...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References4
OSV
OSV
added 2026/06/19 8:46 p.m.9 views

GHSA-JC6X-RJ79-W4MX CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.5 views

CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 2:35 p.m.6 views

GHSA-HCXC-WF8J-23HV OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

Description OpenFGA's OIDC authenticator skipped JWT audience aud validation when no audience was configured. In deployments where one identity provider issues tokens for multiple services, a token minted for an unrelated service could authenticate to OpenFGA. Preconditions This applies if the...

6.8CVSS5.8AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in openssl1.0

The OpenSSL public API function X509issuerandserialhash attempts to generate a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to properly handle any errors that may occur during the parsing of the issuer field—errors that could...

5.9CVSS6.7AI score0.07471EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50974

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description The OIDC authenticator fails to validate the JWT audience aud claim when no audience is configured. In environments where a single identity provider issues tokens for multiple services, a token...

6.8CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/18 3:32 p.m.4 views

GHSA-WCPR-6G7X-P44R googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS5.9AI score0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 2:17 p.m.12 views

CVE-2026-11718

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 1:52 p.m.5 views

GHSA-G5H5-M4HM-XJRR ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider

Summary An authentication bypass vulnerability was discovered in ZITADEL's external JWT Identity Provider IdP implementation. When validating JSON Web Tokens JWTs from an external provider, ZITADEL properly checks the token's cryptographic signature and issuer iss, but it fails to validate the...

4.2CVSS5.7AI score
Exploits0References5
CVE
CVE
added 2026/06/18 11:52 a.m.36 views

CVE-2026-11718

The CVE-2026-11718 entry concerns an authentication bypass in googleapis/mcp-toolbox: during opaque-token validation via an OAuth 2.0 introspection endpoint, the code decodes the response and checks issuer with the condition a.issuer != "" && iss != "". If the introspection response omits iss, is...

9.3CVSS5.4AI score0.00204EPSS
Exploits0References1
Rows per page
Query Builder