CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/01/21 12:0 a.m.•3 views

PT-2026-3878

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON...

7.3CVSS5.6AI score0.00333EPSS

CNNVD•added 2026/01/21 12:0 a.m.•7 views

Fleet data falsification vulnerability

Fleet is an open-source device management platform that supports various operating systems and devices. It helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. It’s free and flexible. Fleet has a data falsification vulnerability, which stems from...

RedhatCVE•added 2026/01/20 9:22 p.m.•1 views

CVE-2026-23849

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

5.3CVSS5.7AI score0.00237EPSS

Exploits1References1

Snyk•added 2026/01/20 8:55 p.m.•1 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...

9.8CVSS5.7AI score0.00059EPSS

Improper Verification of Cryptographic Signature

Snyk•added 2026/01/20 8:55 p.m.•4 views

Improper Verification of Cryptographic Signature

Github Security Blog•added 2026/01/20 8:55 p.m.•8 views

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...

Exploits0References5Affected Software1

OSV•added 2026/01/20 8:55 p.m.•5 views

GHSA-63M5-974W-448V Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

9.3CVSS5.8AI score0.00059EPSS

Exploits0References5

9.8CVSS5.7AI score0.00059EPSS

Improper Verification of Cryptographic Signature

9.8CVSS5.7AI score0.00059EPSS

Improper Verification of Cryptographic Signature

Improper Verification of Cryptographic Signature

CVE•added 2026/01/20 7:56 p.m.•18 views

CVE-2026-0622

Open5GS WebUI is affected by CVE-2026-0622: by default it uses hard-coded JWT signing keys (the string change-me) when JWT_SECRET_KEY is unset, allowing an unauthenticated network attacker to forge JWTs and gain access to protected WebUI endpoints (notably under /api/db/*). The issue arises from ...

6.5CVSS5.4AI score0.0005EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/01/20 7:56 p.m.•14 views

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

0.0005EPSS

Vulnrichment•added 2026/01/20 7:56 p.m.•3 views

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

5.4AI score0.0005EPSS