EUVD-2026-38170

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

CVE-2026-48526

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the uri parameter being passed directly to urllib.request.urlopen, which allows fetching resources using unsupported schemes such as file, ftp, and data. An attacker can access...

CVE-2021-47942

CVE-2021-47942 concerns Home Assistant Community Store (HACS) 1.10.0. The vulnerability is a path traversal flaw exposed via the /hacsfiles/ endpoint, allowing unauthenticated attackers to read sensitive files (notably .storage/auth) and retrieve credentials/refresh tokens. With this access, an a...

CVE-2026-6911

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

Exploit for Authentication Bypass by Spoofing in Python-Jwt_Project Python-Jwt

CVE-2022-39227 JWT Authentication Bypass Demo Project Goal...

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

CVE-2026-39911 Hashgraph Guardian 3.5.1 Unsandboxed JavaScript Execution RCE

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

CVE-2026-23696

Windmill CVE-2026-23696 affects Windmill CE/EE versions 1.276.0–1.603.2. The vulnerability is an SQL injection in the folder ownership management functionality that can be triggered by an authenticated user via the owner parameter, enabling reading of sensitive data (e.g., JWT signing secret and ...

LoLLMs 安全漏洞

LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Version 2.1.0 of LoLLMs contains a security vulnerability. This vulnerability arises from the use of weak keys for signing JSON Web Tokens, leading to improper access control. This could allow attackers to...

PT-2026-30914

Name of the Vulnerable Software and Affected Versions Windmill CE and EE versions 1.276.0 through 1.603.2 Description Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality. Authenticated attackers can inject SQL...

CVE-2026-33746

Convoy (KVM server management panel) is vulnerable in versions 3.9.0-beta through

PT-2026-29788

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

CVE-2026-33322

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...

CVE-2026-33322

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...

GHSA-FMFG-9G7C-3VQ7 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary The ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary The ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

Exploit for CVE-2026-29000

CVE-2026-29000: pac4j-jwt JwtAuthenticator authentication bypa...

CVE-2026-27754

CVE-2026-27754 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where a cryptographically broken MD5 hash is used to generate session cookies. This can enable predictable tokens and potential unauthorized access to the device due to MD5 weaknesses and token forgery. The descriptio...