Lucene search
+L

157 matches found

NVD
NVD
added yesterday10 views

CVE-2026-15013

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS0.00304EPSS
Exploits0References7
EUVD
EUVD
added yesterday6 views

EUVD-2026-44866

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS6AI score0.00304EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15013

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS6AI score0.00304EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday38 views

CVE-2026-15013 SAML Single Sign On <= 5.4.3 - Unauthenticated Authentication Bypass via 'SAMLResponse' Parameter Signature Algorithm Confusion

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS0.00304EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/29 9:16 p.m.6 views

CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

6.3CVSS5.8AI score0.00147EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 9:16 p.m.24 views

CVE-2026-57997

The CVE concerns the Strapi users-permissions plugin where JWT algorithm restrictions are not enforced if plugin::users-permissions.jwt.algorithm is not explicitly configured. This allows the server to accept HS384 and HS512 tokens alongside HS256. An attacker who possesses the jwtSecret can mint...

6.3CVSS5.8AI score0.00147EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/29 9:16 p.m.5 views

CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

6.3CVSS6AI score0.00147EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 10:17 p.m.12 views

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS0.00181EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/25 8:57 p.m.9 views

CVE-2026-11800 Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.7AI score0.00181EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 8:57 p.m.101 views

CVE-2026-11800

CVE-2026-11800 concerns Keycloak services and describes a JWT algorithm confusion vulnerability in the JWT Authorization Grant flow. The issue allows an attacker with valid client credentials to bypass signature verification by forging an assertion, enabling creation of unauthorized access tokens...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 8:57 p.m.8 views

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.9 views

org.keycloak:keycloak-services: Keycloak: Authentication bypass via JWT algorithm confusion

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 1:7 p.m.41 views

CVE-2026-39999

CVE-2026-39999 is an authentication bypass in Apache APISIX caused by misconfigurations in the jwt-auth plugin. Affected versions are 2.2 through 3.16.0; the issue allows bypassing authentication via spoofed tokens. The entry is resolved by upgrading to v3.17.0, which fixes the vulnerability. Rel...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:28 p.m.13 views

PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

!NOTE Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in algorithms=… and a raw-JSON JWK as the key= argument, both contrary to documented usage, hence the High attack-complexity rating. Summary When the verifier is decoding JSON Web Tokens, while...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/15 7:28 p.m.7 views

GHSA-XGMM-8J9V-C9WX PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

!NOTE Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in algorithms=… and a raw-JSON JWK as the key= argument, both contrary to documented usage, hence the High attack-complexity rating. Summary When the verifier is decoding JSON Web Tokens, while...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References4
Friends Of PHP
Friends Of PHP
added 2026/06/06 4:30 p.m.12 views

JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks

Summary JWSVerifier::getAlgorithm in src/Library/Signature/JWSVerifier.php line 144 merges protected and unprotected headers using PHP's spread operator: php $completeHeader = ...$signature-getProtectedHeader, ...$signature-getHeader; In PHP, when spreading arrays with duplicate string keys, the...

5.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/06 4:30 p.m.11 views

JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks

Summary JWSVerifier::getAlgorithm in src/Library/Signature/JWSVerifier.php line 144 merges protected and unprotected headers using PHP's spread operator: php $completeHeader = ...$signature-getProtectedHeader, ...$signature-getHeader; In PHP, when spreading arrays with duplicate string keys, the...

5.4AI score
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/05/22 4:17 p.m.136 views

jwt-pwn

jwt-pwn A zero-dependency Python 3 toolkit for discovering an...

9.8CVSS7.4AI score0.08655EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/15 5:16 p.m.8 views

CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References2
Rows per page
Query Builder