
6 matches found

RedHat Linux
added 2026/05/19 1:25 p.m., 4 views

JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

A flaw was found in JWCrypto, a Python library implementing the JSON Web Key (JWK), JSON Web Signature (JWS), and JSON Web Encryption (JWE) specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

CVSS 5.3 | AI score 5.8 | EPSS 0.00105
Exploits 1 | References 5
Redos
added 2026/05/06 12:00 a.m., 2 views

ROS-20260506-73-0001

A vulnerability in the JWCrypto Python cryptography library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to exhaust server memory and cause a denial-of-service condition...

CVSS 5.3 | AI score 6.3 | EPSS 0.00029
Exploits 0
Tenable Nessus
added 2026/04/30 12:00 a.m., 1 view

Amazon Linux 2023 : python3-jwcrypto (ALAS2023-2026-1590)

It is, therefore, affected by the vulnerability referenced in the ALAS2023-2026-1590 advisory. JWCrypto implements the JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression...

CVSS 6.8 | AI score 5.8 | EPSS 0.00381
Exploits 2 | References 4
OSV
added 2026/04/08 12:16 a.m., 0 views

GHSA-FJRM-76X2-C4Q4 JWCrypto: JWE ZIP decompression bomb

Summary: The fix for GHSA-j857-7rvv-vj97 in v1.5.6 is weak: it does not let the receiver fully control the amount of plaintext it is willing to handle and provides only a loose upper bound. The patch limits the input token size to 250KB but does not validate the decompressed output size. An...

CVSS 5.3 | AI score 5.9 | EPSS 0.00105
Exploits 1 | References 6
Snyk
added 2026/04/08 12:16 a.m., 1 view

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) through the JWE decompression, which has no upper limit on plaintext size. An attacker can exhaust system memory by sending specially crafted compressed tokens that decompres...

CVSS 7.5 | AI score 6.6 | EPSS 0.00381
Exploits 2 | References 2
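The OSV and Snyk entries above describe the same gap: the v1.5.6 fix caps the compressed token at 250KB but never bounds the inflated plaintext. The following is an added example, not code from the jwcrypto project or any of the advisories, showing why an input-size cap alone is insufficient and how a receiver bounds the decompressed size instead. It uses only the standard library; raw DEFLATE (zlib with wbits=-15) is the algorithm JWE uses for "zip":"DEF". The 1 MiB plaintext cap, the constructed all-zero payload, and every function name here are assumptions for illustration; the 250KB figure is taken from the entries above.

```python
"""Bounded inflation for JWE "zip":"DEF" payloads (added example)."""
import zlib

# Figure from the advisories above: compressed-token cap introduced in 1.5.6.
MAX_COMPRESSED_BYTES = 250 * 1024
# Assumed receiver policy for this example; pick what your application needs.
MAX_PLAINTEXT_BYTES = 1024 * 1024


class DecompressionBombError(ValueError):
    """Raised when the inflated plaintext would exceed the configured cap."""


def deflate(plaintext: bytes) -> bytes:
    """Compress the way JWE does: raw DEFLATE, no zlib or gzip framing."""
    comp = zlib.compressobj(level=9, wbits=-15)
    return comp.compress(plaintext) + comp.flush()


def make_bomb(plaintext_size: int) -> bytes:
    """Constructed attacker payload: highly redundant plaintext that DEFLATE
    shrinks by roughly three orders of magnitude, so it sails under a
    compressed-size cap while inflating to plaintext_size bytes."""
    return deflate(b"\x00" * plaintext_size)


def compression_ratio(payload: bytes, plaintext_size: int) -> float:
    """Inflation factor for a payload whose plaintext size is known."""
    return plaintext_size / len(payload)


def inflate_input_cap_only(payload: bytes) -> bytes:
    """The weak check: bound only the compressed input, then inflate all of it.
    Memory use is whatever the attacker's payload expands to (up to roughly
    1000x MAX_COMPRESSED_BYTES)."""
    if len(payload) > MAX_COMPRESSED_BYTES:
        raise ValueError("compressed payload exceeds %d bytes" % MAX_COMPRESSED_BYTES)
    return zlib.decompress(payload, wbits=-15)


def inflate_bounded(payload: bytes, max_plaintext: int = MAX_PLAINTEXT_BYTES) -> bytes:
    """Hardened check: inflate at most max_plaintext + 1 bytes and reject the
    token if the stream wants to produce more. Peak memory is bounded by
    max_plaintext regardless of the payload's compression ratio."""
    if len(payload) > MAX_COMPRESSED_BYTES:
        raise ValueError("compressed payload exceeds %d bytes" % MAX_COMPRESSED_BYTES)
    inflater = zlib.decompressobj(wbits=-15)
    # max_length stops inflation early and parks the remaining input in
    # inflater.unconsumed_tail, so a bomb never materialises in memory.
    out = inflater.decompress(payload, max_plaintext + 1)
    if len(out) > max_plaintext:
        raise DecompressionBombError(
            "plaintext exceeds %d bytes (compressed size %d)" % (max_plaintext, len(payload))
        )
    if not inflater.eof:
        # Within budget but the stream never reached its end marker.
        raise ValueError("truncated or malformed DEFLATE stream")
    return out


if __name__ == "__main__":
    size = 16 * 1024 * 1024  # 16 MiB of plaintext from a ~16 KB payload
    bomb = make_bomb(size)
    print("compressed bytes: %d, ratio %.0f:1" % (len(bomb), compression_ratio(bomb, size)))
    try:
        inflate_bounded(bomb)
    except DecompressionBombError as exc:
        print("rejected:", exc)
    print(inflate_bounded(deflate(b'{"sub":"alice"}')))
```

The constructed payload passes the 250KB input check with room to spare, which is the point the OSV entry makes: the only check that actually limits memory is one applied to the inflated output. Calling `decompress` with `max_length` is what makes the bound real; decompressing first and measuring afterwards would already have allocated the full plaintext.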
RedhatCVE
added 2026/04/07 9:10 p.m., 2 views

CVE-2026-39373

A flaw was found in JWCrypto, a Python library implementing the JSON Web Key (JWK), JSON Web Signature (JWS), and JSON Web Encryption (JWE) specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

CVSS 7.5 | AI score 5.9 | EPSS 0.00105
Exploits 1 | References 4