Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/04/03 10:1 p.m.14 views

fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

7.5CVSS5.9AI score0.00155EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2354

Malware in sbrugna...

9.8CVSS8.1AI score0.02294EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.5 views

PT-2024-16665 · WordPress · Social Login

Name of the Vulnerable Software and Affected Versions: Social Login plugin for WordPress versions up to, and including, 5.9.0 Description: The issue is due to insufficient verification on the user being returned by the social login token, making it possible for unauthenticated attackers to log in...

9.8CVSS9.6AI score0.0117EPSS
Exploits0References8
OSV
OSV
added 2024/11/05 9:15 a.m.5 views

CVE-2024-10114

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as...

8.1CVSS5.8AI score0.00524EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/28 9:5 p.m.8 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.2AI score0.00583EPSS
Exploits0References2
CNVD
CNVD
added 2015/03/12 12:0 a.m.4 views

Microsoft windows kernel mode driver kernel information disclosure vulnerability (CNVD-2015-01617)

Microsoft Windows is a popular operating system. A security vulnerability exists in the Microsoft windows kernel mode driver due to the program not properly verifying the calling thread token. The vulnerability allows an attacker to obtain administrator authentication credentials, which can be us...

7.2CVSS6.8AI score0.0168EPSS
Exploits2References1
Rows per page
Query Builder