Lucene search
K

307 matches found

RedhatCVE
RedhatCVE
added 2026/03/16 7:19 p.m.4 views

CVE-2026-28490

A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. This cryptographic padding oracle vulnerability, affecting the JSON Web Encryption JWE RSA15 key management algorithm, could allow a remote attacker to decrypt sensitive information. The vulnerability...

8.3CVSS5.8AI score0.00142EPSS
Exploits1References6
OSV
OSV
added 2026/03/16 6:16 p.m.5 views

UBUNTU-CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS5.7AI score0.00142EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/16 5:37 p.m.4 views

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS5.7AI score0.00142EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/16 5:37 p.m.23 views

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS0.00142EPSS
Exploits1References3
OSV
OSV
added 2026/03/16 5:37 p.m.6 views

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS5.8AI score0.00142EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/16 5:37 p.m.5 views

CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS5.7AI score0.00142EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/16 3:17 p.m.10 views

Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Executive Summary A cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registers RSA15 in its default algorithm registry without requiring explicit opt-in,...

8.3CVSS6.2AI score0.00142EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/03/16 3:17 p.m.8 views

EUVD-2026-12480

Authlib Vulnerable to JWE RSA15 Bleichenbacher Padding Oracle...

8.3CVSS5.8AI score0.00142EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.10 views

Authlib 加密问题漏洞

Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained a security vulnerability related to encryption. This vulnerability stemmed from a cryptographic padding mechani...

8.3CVSS5.8AI score0.00142EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.183 views

📄 joserfc JWE PBES2 1.6.2 Denial of Service

A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...

7.5CVSS5.8AI score0.00432EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/03/05 8:19 p.m.193 views

Exploit for CVE-2026-29000

CVE-2026-29000: pac4j-jwt JwtAuthenticator authentication bypa...

10CVSS6AI score0.05856EPSS
Exploits17
SUSE CVE
SUSE CVE
added 2026/03/05 6:50 a.m.6 views

SUSE CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.8AI score0.00432EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/03/04 5:2 a.m.8 views

CVE-2026-27932

A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE standards. An unauthenticated attacker can cause a Denial of Service DoS by exploiting a resource exhaustion vulnerability. This occurs when the library decrypts a JSON Web Encryption JWE token using...

7.5CVSS5.8AI score0.00432EPSS
Exploits2References2
NVD
NVD
added 2026/03/03 11:15 p.m.11 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS0.00432EPSS
Exploits2References2
OSV
OSV
added 2026/03/03 11:15 p.m.6 views

DEBIAN-CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.4AI score0.00432EPSS
Exploits2References1
OSV
OSV
added 2026/03/03 11:15 p.m.6 views

UBUNTU-CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.8AI score0.00432EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2026/03/03 10:48 p.m.7 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.4AI score0.00432EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/03/03 10:48 p.m.5 views

CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS6AI score0.00432EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:48 p.m.4 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS6AI score0.00432EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2026/03/03 10:48 p.m.25 views

CVE-2026-27932

CVE-2026-27932 affects the Python library joserfc (1.6.2 and earlier). The root cause is an unbounded PBES2 Count (p2c) value read from a JWE protected header, which allows an attacker to trigger CPU exhaustion and Denial of Service by forcing extremely high PBKDF2 iteration counts. Impact is at ...

7.5CVSS6AI score0.00432EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder