1623 matches found
Denial of Service (DoS)
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Denial of Service DoS via the MS Teams webhook process. An attacker can cause resource exhaustion by sending unauthenticated requests that are parsed before proper JWT...
Denial of Service (DoS)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Denial of Service DoS via the MS Teams webhook process. An attacker can cause resource exhaustion by sending unauthenticated requests that are parsed before proper JWT validation. Details...
OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion
Summary MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still parses Teams JSON after only a Bearer-prefix gate and before real JWT validation, and the...
PT-2026-30279
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.0 Description A critical authentication bypass can occur in LiteLLM when JWT authentication is enabled, due to an OIDC userinfo cache key collision. The OIDC userinfo cache uses the first 20 characters of the tok...
Cloudreve 安全特征问题漏洞
Cloudreve is an open-source public cloud file system that supports multiple cloud storage drivers. Versions of Cloudreve prior to 4.13.0 have a security feature vulnerability. This vulnerability stems from the use of a weak pseudo-random number generator for generating security keys, which may le...
CVE-2026-33746
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
EUVD-2026-18354
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
CVE-2026-33746
Convoy (KVM server management panel) is vulnerable in versions 3.9.0-beta through
PT-2026-29968
Name of the Vulnerable Software and Affected Versions fast-jwt affected versions not specified Description The fast-jwt library contains an incomplete fix for a JWT algorithm confusion issue. The public key matcher regex in fast-jwt/src/crypto.js uses a leading anchor that can be bypassed by...
OpenBao Authorization Issues Vulnerability
OpenBao is OpenBao open source a sensitive data management software . OpenBao there is an authorization problem vulnerability , the vulnerability stems from JWT/OIDC login and role callbackmode is set to direct when the user is not prompted to confirm , an attacker can use this vulnerability lead...
Convoy 数据伪造问题漏洞
Convoy is an open-source platform developed by Convoy for hosting providers and enthusiasts. Versions of Convoy from 3.9.0-beta to 4.5.1 contained a data manipulation vulnerability due to insufficient validation of JWT token signatures, which could lead to authentication bypasses...
GHSA-VM9R-H74P-HG97 jose vulnerable to untrusted JWK header key acceptance during signature verification
Impact A vulnerability in jose versions up to and including 0.3.5 could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could treat header-provided jwk as a verification candidat...
CVE-2026-34240
JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
CVE-2026-31946
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
CVE-2026-31946 OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
CVE-2026-31946
OpenOLAT OpenID Connect implicit flow (versions 10.5.4–before 20.2.5) does not verify JWT signatures. The JSONWebToken.parse() method discards the signature segment, and getAccessToken() validates only issuer/audience/state/nonce, without cryptographic verification against the IdP’s JWKS. This ca...
EUVD-2026-17207
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
NewStart CGSL MAIN 7.02 : ceph Vulnerability (NS-SA-2026-0039)
The remote NewStart CGSL host, running version MAIN 7.02, has ceph packages installed that are affected by a vulnerability: - Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has none as JWT alg. And by doing so the J...
CVE-2026-33758
A flaw was found in OpenBao. Installations that have an OIDC/JWT authentication method enabled with a role configured to use callbackmode=direct are vulnerable to XSS via the errordescription parameter on the page for a failed authentication. This allows an attacker to access the token used by an...