Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS5.5AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.16 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS0.00216EPSS
Exploits0References1
OSV
OSV
added 2026/05/09 12:45 a.m.3 views

GHSA-HM8Q-7F3Q-5F36 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic...

7.5CVSS5.9AI score0.00443EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/04 10:15 p.m.6 views

CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References3
OSV
OSV
added 2026/02/04 9:31 p.m.5 views

CVE-2026-25537 jsonwebtoken has Type Confusion that leads to potential authorization bypass

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

6.9CVSS5.4AI score0.00443EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.6 views

jsonwebtoken 安全漏洞

jsonwebtoken is an implementation of a JSON Web Token developed by Auth0 as open source. Versions of jsonwebtoken prior to 10.3.0 contained a security vulnerability. This vulnerability stemmed from a declaration verification logic that had type confusion issues, which could lead to bypassing...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References2
Rows per page
Query Builder