CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

CVE-2026-9704

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

CVE-2026-9704 Keycloak: keycloak: privilege escalation due to oversized subject_token jwt

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

EUVD-2026-32017

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

CVE-2026-41164

The CVE concerns nuts-node, the reference implementation of the Nuts spec. Prior to versions 6.2.3 (and 5.4.31 for the 5.x branch), the v1 access token introspection endpoint (/auth/v1/introspect_access_token) validates only standard JWTs, and does not enforce Nuts-specific checks such as JWT typ...

CVE-2026-47202 Kavita: Pre-Auth Account Takeover

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

Cashu NUTs 数据伪造问题漏洞

Cashu NUTs is an open-source protocol specification developed by Cashu. Versions prior to Cashu NUTs 6.2.3 and 5.4.31 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that access tokens accepted endpoints in v1 allowed JWTs signed with any key, without verifyi...

jwt-pwn

jwt-pwn A zero-dependency Python 3 toolkit for discovering an...

RockyLinux 8 : osbuild-composer (RLSA-2025:7967)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7967 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 Tenable has extracted the preceding description block directly from...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the TESTCONNECTION workflow for a Database Service. An attacker can obtain sensitive credentials and authentication tokens by triggering the workflow and inspecting the HTTP response...

MAL-2026-4584 Malicious code in ihubinternal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...

Improper Verification of Cryptographic Signature

Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to...

Astra Linux - уязвимость в ceph

A flaw was discovered in Red Hat Ceph Storage 4, within the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for documentation purposes, which again exposes them to...

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of...

Malicious code in saas-common-lib-473815 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0142a19ba91410cc19470321caba04aa48633df937b0ed66439cccf31877a333 utils/sendemailotp.py exposes otpEmailServicetoemail, emailbody, which authenticates to smtp.gmail.com using a hardcoded sender address...

MAL-2026-4766 Malicious code in saas-common-lib-473815 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0142a19ba91410cc19470321caba04aa48633df937b0ed66439cccf31877a333 utils/sendemailotp.py exposes otpEmailServicetoemail, emailbody, which authenticates to smtp.gmail.com using a hardcoded sender address...