Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

41719 matches found

Rockylinux
Rockylinuxadded 2026/05/28 3:43 p.m.12 views

openssl security update

An update is available for openssl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...

7.5CVSS7.4AI score0.00042EPSS
Exploits0
OSV
OSVadded 2026/05/28 3:43 p.m.8 views

RLSA-2023:6699 Moderate: krb5 security and bug fix update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

8.8CVSS6.8AI score0.01226EPSS
Exploits0References3
CVE
CVEadded 2026/05/28 3:29 p.m.13 views

CVE-2026-47673

CVE-2026-47673 concerns the Hono web framework. Before version 4.12.21, the jwt and jwk middlewares did not validate that the Authorization header used the Bearer scheme. Any two-part header value—regardless of the scheme name in the first position—proceeds to JWT verification. As a result, a req...

6.5CVSS5.8AI score0.00037EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/05/28 3:10 p.m.7 views

EUVD-2026-32918

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1
CVE
CVEadded 2026/05/28 3:10 p.m.35 views

CVE-2026-48523

PyJWT vulnerability affecting versions 2.9.0–2.12.1 where verifier-side algorithm allow-list bypass occurs when decoding with a PyJWK/PyJWKClient key. The token header’s alg is checked against the caller-supplied allow-list, but the signature is verified using the algorithm bound to the PyJWK obj...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVEadded 2026/05/28 3:10 p.m.9 views

CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:10 p.m.5 views

CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 3:10 p.m.7 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:9 p.m.8 views

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVEadded 2026/05/28 3:9 p.m.7 views

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/28 3:9 p.m.26 views

CVE-2026-48526 PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS0.00017EPSS
Exploits1References1
CVE
CVEadded 2026/05/28 3:9 p.m.24 views

CVE-2026-48526

PyJWT (Python) prior to 2.13.0 did not validate the use of JSON Web Keys in HMAC verification, allowing an attacker to use the issuer public key as the HMAC secret during token verification. This could enable forging tokens when mixing RS/EC/JWK and HS algorithms. The issue is fixed in PyJWT 2.13...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 3:9 p.m.9 views

CVE-2026-48526 PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/28 3:9 p.m.6 views

EUVD-2026-32917

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/28 3:7 p.m.8 views

EUVD-2026-32916

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00057EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 2:44 p.m.7 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00082EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/05/28 2:15 p.m.8 views

CVE-2026-48901

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

7.5CVSS5.8AI score0.00002EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2026/05/28 1:35 p.m.9 views

kernel: Bluetooth: MGMT: validate LTK enc_size on load

A flaw was found in the Linux kernel's Bluetooth management MGMT component. An attacker could exploit a vulnerability in how Long Term Keys LTK are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

7.8CVSS6AI score0.00015EPSS
Exploits0References5
NVD
NVDadded 2026/05/28 10:16 a.m.8 views

CVE-2026-46163

In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...

0.00032EPSS
Exploits0References8
NVD
NVDadded 2026/05/28 10:16 a.m.6 views

CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS0.00013EPSS
Exploits0References5
Rows per page
Query Builder