9 matches found
Exploit for CVE-2026-29000
CVE-2026-29000 – pac4j JWT Authentication Bypass Python PoC...
CVE-2026-1916
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...
PT-2026-7129
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak’s invitation token registration mechanism. The server does not verify the cryptographic signature of the JSON Web Token JWT. An attacker can modify the organization...
📄 Microsoft Sharepoint Authentication Bypass
This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023. ============================================================================================================================================= | Title : SharePoint Authentication...
📄 Confluence 8.x Privilege Escalation
Metasploit module proof of concept exploit that demonstrates an authentication bypass vulnerability Confluence version 8.x. ============================================================================================================================================= | Title : Confluence 8.x...
AZL-65996 CVE-2024-48916 affecting package ceph for versions less than 16.2.10-9
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
google-oauth-client: Token signature not verified
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
google-oauth-client: Token signature not verified
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
Microsoft Live Accounts Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Outlook Web Access OWA regarding a possible unsigned token. An attacker who successfully exploited this vulnerability could have access to another person's email inbox. To exploit this vulnerability, an attacker would first have to replace an...