307 matches found
CVE-2026-28490
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. This cryptographic padding oracle vulnerability, affecting the JSON Web Encryption JWE RSA15 key management algorithm, could allow a remote attacker to decrypt sensitive information. The vulnerability...
UBUNTU-CVE-2026-28490
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...
CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...
CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...
CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...
CVE-2026-28490
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Executive Summary A cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registers RSA15 in its default algorithm registry without requiring explicit opt-in,...
EUVD-2026-12480
Authlib Vulnerable to JWE RSA15 Bleichenbacher Padding Oracle...
Authlib 加密问题漏洞
Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained a security vulnerability related to encryption. This vulnerability stemmed from a cryptographic padding mechani...
📄 joserfc JWE PBES2 1.6.2 Denial of Service
A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...
Exploit for CVE-2026-29000
CVE-2026-29000: pac4j-jwt JwtAuthenticator authentication bypa...
SUSE CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
CVE-2026-27932
A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE standards. An unauthenticated attacker can cause a Denial of Service DoS by exploiting a resource exhaustion vulnerability. This occurs when the library decrypts a JSON Web Encryption JWE token using...
CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
DEBIAN-CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
UBUNTU-CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
CVE-2026-27932
CVE-2026-27932 affects the Python library joserfc (1.6.2 and earlier). The root cause is an unbounded PBES2 Count (p2c) value read from a JWE protected header, which allows an attacker to trigger CPU exhaustion and Denial of Service by forcing extremely high PBKDF2 iteration counts. Impact is at ...