74 matches found
CVE-2026-7872 Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authentication Bypass
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user...
CVE-2026-7872
Summary: The vulnerability CVE-2026-7872 affects Langflow OSS 1.0.0–1.10.0, via a path traversal flaw in the File component’s tar archive extraction. An authenticated attacker can craft a tar with symbolic links, bypassing validation and causing extraction to create links outside the intended dir...
CVE-2026-54733
The Moodle integration for Microsoft 365/Entra ID (local_o365) is vulnerable prior to 4.5.6, 5.0.5, and 5.1.1. The Teams SSO endpoint sso_login.php base64-decodes a JWT payload and authenticates users based on the upn claim without verifying the JWT signature, enabling an unauthenticated attacker...
CVE-2026-56451
A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...
CVE-2026-50160
Hoppscotch self-hosted deployments (Hoppscotch-backend
EUVD-2026-38170
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...
CVE-2026-48526
A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the uri parameter being passed directly to urllib.request.urlopen, which allows fetching resources using unsupported schemes such as file, ftp, and data. An attacker can access...
CVE-2021-47942
CVE-2021-47942 concerns Home Assistant Community Store (HACS) 1.10.0. The vulnerability is a path traversal flaw exposed via the /hacsfiles/ endpoint, allowing unauthenticated attackers to read sensitive files (notably .storage/auth) and retrieve credentials/refresh tokens. With this access, an a...
CVE-2026-6911
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...
Exploit for Authentication Bypass by Spoofing in Python-Jwt_Project Python-Jwt
CVE-2022-39227 JWT Authentication Bypass Demo Project Goal...
CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...
CVE-2026-39911 Hashgraph Guardian 3.5.1 Unsandboxed JavaScript Execution RCE
Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...
CVE-2026-23696
Windmill CVE-2026-23696 affects Windmill CE/EE versions 1.276.0–1.603.2. The vulnerability is an SQL injection in the folder ownership management functionality that can be triggered by an authenticated user via the owner parameter, enabling reading of sensitive data (e.g., JWT signing secret and ...
PT-2026-30914
Name of the Vulnerable Software and Affected Versions Windmill CE and EE versions 1.276.0 through 1.603.2 Description Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality. Authenticated attackers can inject SQL...
LoLLMs 安全漏洞
LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Version 2.1.0 of LoLLMs contains a security vulnerability. This vulnerability arises from the use of weak keys for signing JSON Web Tokens, leading to improper access control. This could allow attackers to...
CVE-2026-33746
Convoy (KVM server management panel) is vulnerable in versions 3.9.0-beta through
PT-2026-29788
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
CVE-2026-34240
JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
CVE-2026-33322
MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...