UBUNTU-CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

CVE-2026-44699

LibJWT (C JSON Web Token library) versions 3.0.0–3.3.2 are vulnerable when an RSA JWK without an alg parameter is used as the verification key for HS256/HS384/HS512. In the OpenSSL backend, this can cause HMAC verification to run with a zero-length key, enabling an attacker to forge a valid JWT w...

CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

EUVD-2026-30560

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

CVE-2026-44699 LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

PT-2026-41315

Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.3.2 Description LibJWT accepts an RSA JSON Web Key JWK lacking an alg parameter as the verification key for HS256, HS384, or HS512 tokens. When using the OpenSSL backend, this results in HMAC verification...

EUVD-2026-28800

Absinthe: Quadratic fragment-name uniqueness check...

Exploit for CVE-2026-29000

🚀 CVE-2026-29000 - pac4j-jwt Authentication Bypass Exploit !...

EUVD-2025-209779

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...

CVE-2026-8072

Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...

CVE-2025-40946

CVE-2025-40946 affects a wide range of blueplanet devices (NX3/TL3/TL3-S/TL3-GEN2, gridsafe, hybrid) across many models and versions. The root cause is a CRC16-based algorithm used to generate Technical Service credentials, which could enable an attacker to derive credentials from a device serial...

CLSA-2026-1778488897 java-1.8.0-openjdk: Fix of 8 CVEs

Update to shenandoah-jdk8u492-b09 - Security fixes from OpenJDK 8u492-b09: - CVE-2026-22003: enhance behavior of some intrinsics - CVE-2026-22007: enhance crypto algorithm support - CVE-2026-22013: improve Kerberos credentialing - CVE-2026-22018: enhance Zip file reading - CVE-2026-22021: enhance...

CVE-2026-5081

A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache moduniqueid plugin's UNIQUEID environment variable directly as a session ID. The UNIQUEID is constructed from easily guessable information, such as the...

Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES)

The Elliptic Curve Integrated Encryption Scheme ECIES is widely regarded as a practical method and has been adopted by multiple standards. However, the advancement of quantum computing technologies poses potential security risks to ECIES. Therefore, this study proposes a Key Encapsulation...

RHEL 9 : kpatch-patch-5_14_0-611_36_1 and kpatch-patch-5_14_0-611_9_1 (RHSA-2026:15978)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:15978 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

SUSE SLES15 Security Update : kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1775-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1775-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.37 fixes one security issue The following security issue was fixed: - CVE-2026-31431:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016810)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016810 advisory. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non- linearly with respect to the size of the certificate. This...

EEF-CVE-2026-43967 Quadratic fragment-name uniqueness check causes denial of service in absinthe

Summary Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one call...

SUSE-SU-2026:1773-1 Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.290 fixes various security issues The following security issues were fixed: - CVE-2026-23004: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist bsc1258655. - CVE-2026-23204: net/sched: clsu32: use skbheaderpointercareful...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

markdown 🧬 ROSN-LR5 – Kernel LPE PoC & Mitigation Toolkit...