Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/06/15 2:41 a.m.12 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:30 a.m.6 views

CVE-2024-48930

secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...

8.7CVSS6.5AI score0.00393EPSS
Exploits0
CVE
CVE
added 2023/09/21 1:17 p.m.68 views

CVE-2023-43631

The CVE-2023-43631 issue affects the Pillar/EVE container in EVE OS. On boot, the container checks for /config/authorized_keys and, if a valid public key is present, enables SSH on port 22 for root login. The /config partition is not protected by measured boot, is mutable, and unencrypted, allowi...

8.8CVSS8.7AI score0.00159EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/29 12:0 a.m.8 views

PT-2022-15770 · Unknown · Sweet B Library

Name of the Vulnerable Software and Affected Versions: Sweet B library affected versions not specified Description: The issue arises from an incorrect choice of sign bit when compressing or decompressing elliptic curve points using the Sweet B library. An attacker with user-level privileges can...

5.3CVSS5.1AI score0.00615EPSS
Exploits0References4
Rows per page
Query Builder