Lucene search

46 matches found

RedhatCVE
added 2026/04/07 5:4 p.m. | 4 views

CVE-2026-34950

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

9.1 CVSS | 5.9 AI score | 0.00235 EPSS
Exploits: 1 | References: 1

NVD
added 2026/04/06 4:16 p.m. | 3 views

CVE-2026-34950

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

9.1 CVSS | 0.00235 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/06 3:54 p.m. | 2 views

CVE-2026-34950 fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

9.1 CVSS | 6.2 AI score | 0.00235 EPSS
Exploits: 1 | References: 1

EUVD
added 2026/04/06 3:54 p.m. | 3 views

EUVD-2026-19356

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

9.1 CVSS | 5.9 AI score | 0.00687 EPSS
Exploits: 2 | References: 2

Snyk
added 2026/04/02 8:37 p.m. | 6 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: fast-jwt is a Fast JSON Web Token implementation. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the performDetectPublicKeyAlgorithms function due to improper handling of leading whitespace in PEM key strings. An attacker can gain...

9.1 CVSS | 6.4 AI score | 0.00687 EPSS
Exploits: 2 | References: 2

OSV
added 2026/04/02 8:37 p.m. | 3 views

GHSA-MVF2-F6GM-W987 fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Summary: The fix for GHSA-c2ff-88x2-x9pg (CVE-2023-48223) is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched. Details: The f...

9.1 CVSS | 6 AI score | 0.00235 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/02 12:0 a.m. | 5 views

PT-2026-29968

Name of the Vulnerable Software and Affected Versions: fast-jwt (affected versions not specified). Description: The fast-jwt library contains an incomplete fix for a JWT algorithm confusion issue. The public key matcher regex in fast-jwt/src/crypto.js uses a leading anchor that can be bypassed by...

9.1 CVSS | 6.2 AI score | 0.00687 EPSS
Exploits: 2 | References: 11

EUVD
added 2025/11/20 9:30 p.m. | 4 views

EUVD-2025-198344

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the...

5.4 CVSS | 6.3 AI score | 0.00215 EPSS
Exploits: 1 | References: 2

NVD
added 2025/11/20 7:16 p.m. | 5 views

CVE-2025-55127

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the...

5.4 CVSS | 0.00215 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/11/20 7:7 p.m. | 4 views

CVE-2025-55127

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the...

0.00215 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2025/11/20 12:0 a.m. | 8 views

PT-2025-47625

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the...

6.8 AI score | 0.00215 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-3089

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00819 EPSS
Exploits: 1 | References: 8

Snyk
added 2024/12/11 5:3 p.m. | 3 views

Improper Input Validation

Overview: spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leadin...

8.6 CVSS | 6.8 AI score | 0.00573 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/17 12:0 a.m. | 22 views

openSUSE 15 Security Update : htmldoc (openSUSE-SU-2024:0303-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0303-1 advisory. - CVE-2024-45508: Fixed an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only...

9.8 CVSS | 5.5 AI score | 0.00706 EPSS
Exploits: 1 | References: 4

OSV
added 2024/09/16 2:1 p.m. | 13 views

OPENSUSE-SU-2024:0304-1 Security update for htmldoc

This update for htmldoc fixes the following issues: - CVE-2024-45508: Fixed an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node boo1230022...

9.8 CVSS | 9.4 AI score | 0.00706 EPSS
Exploits: 1 | References: 3

OSV
added 2024/09/16 2:1 p.m. | 17 views

OPENSUSE-SU-2024:0303-1 Security update for htmldoc

This update for htmldoc fixes the following issues: - CVE-2024-45508: Fixed an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node boo1230022...

9.8 CVSS | 9.4 AI score | 0.00706 EPSS
Exploits: 1 | References: 3

NVD
added 2024/09/01 10:15 p.m. | 31 views

CVE-2024-45508

HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...

9.8 CVSS | 0.00706 EPSS
Exploits: 1 | References: 3

UbuntuCve
added 2024/09/01 10:15 p.m. | 25 views

CVE-2024-45508

HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...

9.8 CVSS | 7.2 AI score | 0.00706 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2024/09/01 12:0 a.m. | 24 views

CVE-2024-45508

HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...

6.9 AI score | 0.00706 EPSS
Exploits: 1 | References: 3

OSV
added 2024/02/21 5:15 p.m. | 4 views

CVE-2024-1714

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...

7.1 CVSS | 5.8 AI score | 0.00344 EPSS
Exploits: 0 | References: 1