2 matches found
CVE-2026-57997
The CVE concerns the Strapi users-permissions plugin where JWT algorithm restrictions are not enforced if plugin::users-permissions.jwt.algorithm is not explicitly configured. This allows the server to accept HS384 and HS512 tokens alongside HS256. An attacker who possesses the jwtSecret can mint...
PT-2026-50499
Name of the Vulnerable Software and Affected Versions undici versions 5.15.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description When parsing a Set-Cookie header, the software accepts any SameSite attribute value containing Strict, Lax, or None as a...