CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•13 views

CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

6.3CVSS

CVE•added yesterday•7 views

CVE-2026-57997

The CVE concerns the Strapi users-permissions plugin where JWT algorithm restrictions are not enforced if plugin::users-permissions.jwt.algorithm is not explicitly configured. This allows the server to accept HS384 and HS512 tokens alongside HS256. An attacker who possesses the jwtSecret can mint...

6.3CVSS5.8AI score

NVD•added yesterday•6 views

CVE-2026-12616

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS

Nuclei•added yesterday•92 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.5AI score0.17894EPSS

Exploits1References2

Nuclei•added 2 days ago•11 views

FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass

FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...

9.8CVSS5.8AI score0.02036EPSS

Exploits0References3

EUVD•added 4 days ago•5 views

EUVD-2026-39567

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.0019EPSS

Tenable Nessus•added 4 days ago•7 views

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:2626-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2626-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments...

7.4CVSS5.8AI score0.00288EPSS

Exploits4References16

NVD•added 5 days ago•5 views

CVE-2026-11800

8.1CVSS0.0019EPSS

Vulnrichment•added 5 days ago•5 views

CVE-2026-11800 Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion

8.1CVSS5.7AI score0.0019EPSS

CVE•added 5 days ago•17 views

CVE-2026-11800

CVE-2026-11800 concerns Keycloak services and describes a JWT algorithm confusion vulnerability in the JWT Authorization Grant flow. The issue allows an attacker with valid client credentials to bypass signature verification by forging an assertion, enabling creation of unauthorized access tokens...

8.1CVSS5.8AI score0.0019EPSS

Cvelist•added 5 days ago•19 views

CVE-2026-11800 Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion

8.1CVSS0.0019EPSS

RedhatCVE•added 5 days ago•4 views

CVE-2026-11800

8.1CVSS5.8AI score0.0019EPSS

Exploits0References3

RedHat Linux•added 5 days ago•4 views

keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

8.8CVSS5.7AI score0.0032EPSS

IBM Security Bulletins•added 5 days ago•3 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench

Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.2.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...

9.8CVSS6.6AI score0.01339EPSS

Exploits4Affected Software1

CVE•added 6 days ago•7 views

CVE-2026-55759

Rocket.Chat Apple Sign-In had a JWT claims validation bypass prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. Any Apple-signed JWT with a non-empty iss could be accepted regardless of aud, exp, nbf, or nonce, enabling replay authentication if an attacker obtains a user’s identity t...

7.4CVSS5.9AI score0.00243EPSS

Cvelist•added 6 days ago•15 views

CVE-2026-55759 Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

7.4CVSS0.00243EPSS

CVE•added 6 days ago•11 views

CVE-2026-55666

Rocket.Chat vulnerable pre-versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13 due to a flaw in apps/meteor/app/apple/server/loginHandler.ts where handleIdentityToken parses an Apple OAuth JWT. If the JWT lacks an email, the code falls back to accepting an arbitrary email value supplie...

9.3CVSS6AI score0.00295EPSS