47 matches found

Tenable Nessus
added 2026/05/05 12:0 a.m. | 10 views

Debian dla-4564 : python3-jwt - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4564 advisory. Debian LTS Advisory DLA-4564-1 https://www.debian.org/lts/security/...

CVSS 7.5 | AI score 6.7 | EPSS 0.00269
Exploits: 1 | References: 4

IBM Security Bulletins
added 2026/05/04 2:36 p.m. | 7 views

Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597.

Summary IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-32597 DESCRIPTION: PyJWT is a JSON Web Token implementatio...

CVSS 7.5 | AI score 6.8 | EPSS 0.00269
Exploits: 1 | Affected Software: 1

Rockylinux
added 2026/04/30 6:1 p.m. | 5 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The fence-agents packages provide a collection of scripts for handling...

CVSS 8.2 | AI score 6.6 | EPSS 0.0058
Exploits: 2

OSV
added 2026/04/30 6:1 p.m. | 4 views

RLSA-2026:12176 Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: cryptography: cryptography Subgroup Attack Due to Missing Subgroup...

CVSS 7.5 | AI score 7.8 | EPSS 0.0058
Exploits: 2 | References: 4

Tenable Nessus
added 2026/04/30 12:0 a.m. | 8 views

RockyLinux 8 : fence-agents (RLSA-2026:12176)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:12176 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...

CVSS 8.2 | AI score 7.3 | EPSS 0.0058
Exploits: 2 | References: 7

AlmaLinux
added 2026/04/30 12:0 a.m. | 13 views

Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: cryptography: cryptography Subgroup Attack Due to Missing Subgroup...

CVSS 8.2 | AI score 6.6 | EPSS 0.0058
Exploits: 2 | References: 8

OSV
added 2026/04/30 12:0 a.m. | 4 views

ALSA-2026:12176 Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: cryptography: cryptography Subgroup Attack Due to Missing Subgroup...

CVSS 8.2 | AI score 6.8 | EPSS 0.0058
Exploits: 2 | References: 8

IBM Security Bulletins
added 2026/04/29 5:40 p.m. | 3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pyjwt-2.11.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pyjwt-2.11.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-32597 DESCRIPTION: PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC...

CVSS 7.5 | AI score 7.2 | EPSS 0.00269
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:43 a.m. | 10 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

CVSS 8.8 | AI score 7.8 | EPSS 0.01682
Exploits: 10 | Affected Software: 1

Tenable Nessus
added 2026/03/31 12:0 a.m. | 3 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : PyJWT vulnerability (USN-8133-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8133-1 advisory. It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC...

CVSS 7.5 | AI score 7.3 | EPSS 0.00269
Exploits: 1 | References: 2

OSV
added 2026/03/13 7:55 p.m. | 1 views

DEBIAN-CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

CVSS 7.5 | AI score 7.2 | EPSS 0.00269
Exploits: 1 | References: 1

Tenable Nessus
added 2026/03/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 4.1.11. When...

CVSS 7.5 | AI score 6.8 | EPSS 0.00269
Exploits: 1 | References: 2

CVE
added 2026/03/12 9:41 p.m. | 249 views

CVE-2026-32597

PyJWT prior to 2.12.0 does not validate the crit header (RFC 7515 §4.1.11). If a JWS contains a crit array with extensions PyJWT cannot understand, the library accepts the token instead of rejecting it, violating the MUST requirement. This CVE affects PyJWT and is fixed in version 2.12.0. Remedia...

CVSS 7.5 | AI score 5.8 | EPSS 0.00269
Exploits: 1 | References: 33 | Affected Software: 1

vulnersOsv
added 2026/03/12 9:41 p.m. | 7 views

acapy-agent (>=1.1.1 <=1.5.1rc1), acapy-agent-jamie-testing (=1.3.1rc1) +471 more potentially affected by CVE-2026-32597 via pyjwt (>=2.0.0 <=2.11.0)

pyjwt PYPI version =2.0.0, =1.1.1, =0.1.1, =0.1.31, =0.1.0, =0.5.0, =1.89.5, =0.1.0, =0.0.1, =0.1.59, =0.2.47, =24.12.0, =1.29.7, =1.37.0 - anote-generate =0.3.0 and more Source cves: CVE-2026-32597 Source advisory: SNYK:PYTHON-PYJWT-15518059...

CVSS 7.5 | AI score 6.6 | EPSS 0.00269
Exploits: 1

IBM Security Bulletins
added 2026/01/30 5:43 a.m. | 6 views

Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861.

Summary IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-53861 DESCRIPTION: pyjwt is a JSON Web Token implementation in Python. An...

CVSS 7.5 | AI score 5.8 | EPSS 0.0081
Exploits: 1 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-0103

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01804
Exploits: 0 | References: 9

Veracode
added 2024/12/26 8:12 a.m. | 7 views

Incorrect Comparison

PyJWT is vulnerable to Incorrect Comparison. The vulnerability is due to improper handling of the iss claim check caused by the use of the "in" operator for string comparison instead of strict equality, potentially allowing incorrect issuer values to pass validation...

CVSS 7.5 | AI score 3.5 | EPSS 0.0081
Exploits: 1 | References: 5 | Affected Software: 1

BDU FSTEC
added 2023/11/14 12:0 a.m. | 7 views

The vulnerability of the JWT implementation in Python PyJWT, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the integrity of the data.

The vulnerability of the JWT implementation in Python PyJWT is related to the absence of blocking for certain formats of the secret key. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...

CVSS 7.8 | AI score 7.2 | EPSS 0.012
Exploits: 0 | References: 6 | Affected Software: 3

Tenable Nessus
added 2022/07/20 12:0 a.m. | 36 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PyJWT vulnerability (USN-5526-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5526-1 advisory. Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to for...

CVSS 7.5 | AI score 7.5 | EPSS 0.012
Exploits: 0 | References: 2

Tenable Nessus
added 2022/07/15 12:0 a.m. | 97 views

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2022:2402-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2402-1 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an...

CVSS 7.5 | AI score 7.4 | EPSS 0.012
Exploits: 0 | References: 4