Lucene search
K

1716 matches found

Vulnrichment
Vulnrichment
added 2026/06/16 3:30 a.m.7 views

CVE-2026-6964 Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS5.3AI score0.00323EPSS
Exploits0References8
CVE
CVE
added 2026/06/16 3:30 a.m.15 views

CVE-2026-6964

The CVE-2026-6964 entry covers the WordPress plugin Video Conferencing with Zoom (versions up to 4.6.7). It states an authorization bypass in the get_auth AJAX action, allowing unauthenticated attackers to obtain the site’s Zoom SDK API key and a freshly-signed JWT usable with the Zoom Web SDK to...

5.3CVSS5.3AI score0.00323EPSS
Exploits0References8
Fedora
Fedora
added 2026/06/16 1:11 a.m.17 views

[SECURITY] Fedora 43 Update: perl-Mojo-JWT-1.02-1.fc43

JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users though of course it is useful elsewhere. Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text strin...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/06/16 1:3 a.m.21 views

[SECURITY] Fedora 44 Update: perl-Mojo-JWT-1.02-1.fc44

JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users though of course it is useful elsewhere. Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text strin...

5.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50121

Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT SECRET, and the auth middleware trusted every claim in that JWT without re-resolving the user from...

9.9CVSS5.4AI score0.00209EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-51224

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The Docker API server contains an authentication bypass issue caused by a hardcoded default JWT JSON Web Token signing key. A JWT is a compact, URL-safe means of representing claims to be transferre...

9.8CVSS5.9AI score0.00407EPSS
Exploits0References19
EUVD
EUVD
added 2026/06/15 5:28 p.m.12 views

EUVD-2026-32916

PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values DoS...

3.7CVSS5.1AI score0.00222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.9 views

CVE-2026-50627

A flaw was found in Apache CXF. The JwtAccessTokenValidator class fails to properly validate the 'aud' Audience claims within incoming JSON Web Token JWT access tokens. This vulnerability allows an attacker to reuse a JWT, originally intended for one resource server, against a different resource...

9.1CVSS4.8AI score0.00445EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/15 2:41 a.m.11 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.34 views

CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

9.1CVSS0.00451EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:54 p.m.9 views

Security Bulletin: Security Vulnerability in Nimbus Jose JWT Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-53864)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Nimbus Jose JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a...

5.8CVSS6.2AI score0.00806EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 5:7 p.m.13 views

CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS5.5AI score0.0116EPSS
Exploits1References3
NVD
NVD
added 2026/06/12 10:16 a.m.13 views

CVE-2026-50627

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

9.1CVSS0.00445EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 8:55 a.m.9 views

EUVD-2026-36395

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

5.1AI score0.00445EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48846

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7 Description The JwtAccessTokenValidator class fails to validate the aud Audience claims of incoming JWT access tokens. This flaw enables a JWT issued for one Resource Server...

9.1CVSS5.2AI score0.00445EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.8 views

keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 3:16 p.m.14 views

CVE-2026-53471

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

9.6CVSS0.00286EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 1:55 p.m.21 views

CVE-2026-53471

CVE-2026-53471 affects the migration-planner project, specifically the agent-api middleware. The UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim in JWTs against the requested source ID. Root cause: missing validation allows an authenticated attacker with ...

9.6CVSS5.5AI score0.00286EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/10 1:55 p.m.43 views

CVE-2026-53471 Migration-planner: agent api ignores jwt source_id claim

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

9.6CVSS0.00286EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 1:55 p.m.23 views

CVE-2026-53471

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

9.6CVSS5.5AI score0.00286EPSS
Exploits0References4
Rows per page
Query Builder