6 matches found
fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)
Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...
EUVD-2021-2354
Malware in sbrugna...
PT-2024-16665 · WordPress · Social Login
Name of the Vulnerable Software and Affected Versions: Social Login plugin for WordPress versions up to, and including, 5.9.0 Description: The issue is due to insufficient verification on the user being returned by the social login token, making it possible for unauthenticated attackers to log in...
CVE-2024-10114
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as...
CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification
@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...
Microsoft windows kernel mode driver kernel information disclosure vulnerability (CNVD-2015-01617)
Microsoft Windows is a popular operating system. A security vulnerability exists in the Microsoft windows kernel mode driver due to the program not properly verifying the calling thread token. The vulnerability allows an attacker to obtain administrator authentication credentials, which can be us...