Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.4 views

CVE-2026-31946

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...

9.8CVSS5.8AI score0.00206EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 8:31 p.m.1 views

CVE-2026-31946

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...

9.8CVSS5.8AI score0.00206EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.10 views

PT-2026-29122

Name of the Vulnerable Software and Affected Versions OpenOlat versions 10.5.4 through 20.2.4 Description OpenOlat is a web-based e-learning platform. The OpenID Connect implicit flow implementation does not verify JSON Web Token JWT signatures. The JSONWebToken.parse method discards the signatur...

9.8CVSS5.9AI score0.00206EPSS
Exploits0References6
NVD
NVD
added 2026/01/21 10:15 p.m.7 views

CVE-2026-23518

Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...

9.8CVSS0.00226EPSS
Exploits0References2
OSV
OSV
added 2025/02/25 3:15 p.m.7 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References3
CVE
CVE
added 2025/02/25 2:42 p.m.100 views

CVE-2023-25574

CVE-2023-25574 concerns jupyterhub-ltiauthenticator’s LTI13Authenticator. The issue: LTI13Authenticator, added in version 1.3.0, did not validate JWT signatures, potentially allowing forged authentication requests when the JupyterHub instance is configured to use this authenticator. Affected depl...

10CVSS9.5AI score0.00328EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/02 12:0 a.m.16 views

WordPress + Microsoft Office 365 < 11.7 - JWT Signature Verification Bypass

The plugin does not correctly verify JWT signatures, allowing attackers to forge tokens and bypass authentication and authorisation checks...

5CVSS4.8AI score0.02146EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2019/06/21 7:40 a.m.32 views

Denial Of Service (DoS)

keycloak-connect is vulnerable to denial of service. Failure to validate JWT signatures on /klogout route allows remote attackers to force logout users and indefinitely deny service to the application using malicious JWTs with NBF values...

5.5CVSS5.6AI score0.00208EPSS
Exploits0References3Affected Software2
Node.js
Node.js
added 2019/06/17 6:36 p.m.34 views

Forced Logout

Overview Versions of keycloak-connect prior to 4.4.0 are vulnerable to Forced Logout. The package fails to validate JWT signatures on the /klogout route, allowing attackers to logout users and craft malicious JWTs with NBF values that prevent user access indefinitely. Recommendation Upgrade to...

2.1CVSS3.8AI score0.00208EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/06/13 8:38 p.m.29 views

GHSA-68HW-VFH7-XVG8 Forced Logout in keycloak-connect

Versions of keycloak-connect prior to 4.4.0 are vulnerable to Forced Logout. The package fails to validate JWT signatures on the /klogout route, allowing attackers to logout users and craft malicious JWTs with NBF values that prevent user access indefinitely. Recommendation Upgrade to version 4.4...

5.5CVSS5.4AI score0.00208EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2019/06/13 8:38 p.m.28 views

Forced Logout in keycloak-connect

Versions of keycloak-connect prior to 4.4.0 are vulnerable to Forced Logout. The package fails to validate JWT signatures on the /klogout route, allowing attackers to logout users and craft malicious JWTs with NBF values that prevent user access indefinitely. Recommendation Upgrade to version 4.4...

5.5CVSS4.7AI score0.00208EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder