485 matches found
EUVD-2026-32917
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed...
CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...
CVE-2026-50627
The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...
RockyLinux 9 : openssl (RLSA-2026:25239)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25239 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...
Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...
UBUNTU-CVE-2026-42769
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...
CVE-2026-7765
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
UBUNTU-CVE-2026-7765
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
EUVD-2026-35051
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
CVE-2026-7765
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
CVE-2026-7765
Checkmk
CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
PT-2026-47285
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
OESA-2026-2561 glib-networking security update
glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies. Security Fixes: A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafte...
CVE-2026-25681 vulnerabilities
Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...
CVE-2026-25680 vulnerabilities
Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...
CVE-2026-27136 vulnerabilities
Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...
GHSA-M9X8-M34X-FJ9Q vulnerabilities
Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...
GHSA-CG87-VWWH-XVGJ vulnerabilities
Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...