12 matches found

RedhatCVE
added 2026/06/05 7:23 p.m. · 12 views

CVE-2026-35041

fast-jwt provides a fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

CVSS 6.5 · AI score 5.4 · EPSS 0.00262
Exploits 1 · References 1
OSV
added 2026/04/28 3:16 p.m. · 6 views

UBUNTU-CVE-2026-7320

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1...

CVSS 7.5 · AI score 5.8 · EPSS 0.00323
Exploits 0 · References 4
Veracode
added 2026/04/17 8:17 a.m. · 9 views

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

CVSS 6.5 · AI score 5.7 · EPSS 0.00262
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2026/04/09 2:55 p.m. · 15 views

CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification

fast-jwt provides a fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

CVSS 4.2 · EPSS 0.00262
Exploits 1 · References 4
Cvelist
added 2025/11/25 12:00 a.m. · 10 views

CVE-2025-9803 Improper Authentication in lunary-ai/lunary

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS 9.3 · EPSS 0.00417
Exploits 2 · References 2
Github Security Blog
added 2025/10/22 3:21 p.m. · 10 views

Hono Improper Authorization vulnerability

Improper Authorization in Hono JWT Audience Validation. Hono's JWT authentication middleware did not validate the aud (Audience) claim by default. As a result, applications using the middleware without an explicit audience check could accept tokens intended for other audiences, leading to potential...

CVSS 8.1 · AI score 6.7 · EPSS 0.0035
Exploits 1 · References 4 · Affected Software 1
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2023-2796

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.0045
Exploits 1 · References 5
AlpineLinux
added 2024/10/02 3:35 p.m. · 2 views

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

CVSS 8.1 · AI score 7.4 · EPSS 0.00636
Exploits 0 · References 1
Cvelist
added 2023/10/09 1:30 p.m. · 18 views

CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud

Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if the token is issued by the same identity issuer/provider. Any OIDC setup using Micronaut...

CVSS 4.8 · AI score 6.6 · EPSS 0.0045
Exploits 1 · References 2
Microsoft KB
added 2022/01/25 12:00 a.m. · 4 views

January 25, 2022—KB5009616 (OS Build 17763.2510) Preview

January 25, 2022—KB5009616 (OS Build 17763.2510) Preview. 11/17/20. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights Updates...

AI score 7.1
Exploits 0
RedhatCVE
added 2020/09/30 10:37 p.m. · 40 views

CVE-2020-26160

A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass: if m["aud"] happens to be a []string{}, as allowed by the spec, the type assertion fails and the value of aud is "". This can cause audience verification to succeed even if the audiences being passed are incorrect if...

CVSS 7.5 · AI score 2.6 · EPSS 0.0214
Exploits 0 · References 4
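The entries above describe three distinct ways audience verification goes wrong: no aud check at all (Hono, Jenkins, Micronaut, lunary), an aud check that assumes the claim is a string even though RFC 7519 allows an array (CVE-2020-26160), and an aud check that runs the attacker-controlled claim through a RegExp (CVE-2026-35041). The following is an added example, not code from any of those projects, showing each broken shape beside one hardened check. It assumes the token signature has already been verified and that `claims` is the decoded payload; every function name and token value is made up for the demonstration.

```javascript
// Added example, not code from fast-jwt, jwt-go, Hono, Jenkins, Micronaut or
// lunary: audience ("aud") verification for a decoded JWT payload. It shows the
// three broken shapes described in the entries above beside one hardened check.
// Assumptions: the signature has already been verified and `claims` is the
// decoded payload object; every function and value below is made up for the
// demonstration and is not a real library API.

// RFC 7519 section 4.1.3: "aud" is a single StringOrURI or an array of them.
// Anything else is malformed and is rejected rather than coerced.
function audValues(claims) {
  const aud = claims.aud;
  if (aud === undefined) return [];
  if (typeof aud === 'string') return [aud];
  if (Array.isArray(aud) && aud.length > 0 && aud.every((v) => typeof v === 'string')) {
    return aud;
  }
  throw new TypeError('aud must be a string or a non-empty array of strings');
}

// Broken shape 1 (Hono, Jenkins, lunary, Micronaut entries): issuer checked,
// audience never checked. A token the same issuer minted for some other client
// passes here, which is the account-takeover path those entries describe.
function verifyIssuerOnly(claims, expectedIss) {
  return claims.iss === expectedIss;
}

// Broken shape 2 (CVE-2020-26160 pattern): aud assumed to be a string. A
// non-string aud collapses to "" and, when the audience is not "required",
// "" is accepted. The array form the RFC allows therefore bypasses the check.
function verifyAudCoerced(claims, expectedAud, required) {
  const aud = typeof claims.aud === 'string' ? claims.aud : '';
  if (aud === '') return !required;
  return aud === expectedAud;
}

// Broken shape 3 (CVE-2026-35041 pattern): the allowed audience is a RegExp,
// so each attacker-chosen aud value is fed to the backtracking regex engine.
function verifyAudRegex(claims, allowedPattern) {
  return audValues(claims).some((v) => allowedPattern.test(v));
}

// Hardened check: audience always required, string-or-array handled per the
// RFC, exact comparison against a fixed allow-list, no pattern matching.
function verifyAudience(claims, allowedAudiences) {
  const values = audValues(claims);
  if (values.length === 0) return false;
  return values.some((v) => allowedAudiences.includes(v));
}

// Constructed worst case for shape 3: a nested quantifier and an aud that
// almost matches. Every extra character roughly doubles the work.
function measureRegexMs(n) {
  const evilAllowedAud = /^(a+)+$/;            // constructed pattern, not a real config
  const claims = { aud: 'a'.repeat(n) + '!' }; // constructed attacker-controlled payload
  const start = process.hrtime.bigint();
  const matched = verifyAudRegex(claims, evilAllowedAud);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed payloads: one minted for this service, one for another client
  // of the same issuer.
  const ours = { iss: 'https://issuer.example', aud: 'my-service', sub: 'alice' };
  const theirs = { iss: 'https://issuer.example', aud: ['other-client'], sub: 'alice' };
  console.log('issuer-only accepts other client:', verifyIssuerOnly(theirs, 'https://issuer.example'));
  console.log('coerced check accepts array aud:', verifyAudCoerced(theirs, 'my-service', false));
  console.log('hardened check, ours / theirs:',
    verifyAudience(ours, ['my-service']), verifyAudience(theirs, ['my-service']));
  for (const n of [12, 16, 20]) {
    const { ms } = measureRegexMs(n);
    console.log(`regex allowedAud, aud length ${n + 1}: ${ms.toFixed(1)} ms`);
  }
}
```

Running the block prints the three broken checks accepting the other client's token and the hardened check rejecting it, then the regex timings; increasing `n` past about 20 makes the cost of letting a RegExp see the aud claim obvious. The hardened function deliberately offers no RegExp form: an audience is an identifier the verifier already knows, so exact comparison against a short allow-list is both sufficient and immune to backtracking.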
exploitpack
added 2006/05/06 12:00 a.m. · 104 views

VP-ASP 6.00 - shopcurrency.asp SQL Injection

VP-ASP 6.00 - shopcurrency.asp SQL Injection VP-ASP 6.00 SQL Injection / Exploit by [email protected] people claimed there is some underground sploit for vp-asp 6.00 and I was sure that if a sploit really exist in the ug i can find the bug and make a small hack for it ^^ well it didn't...

AI score 0.3
Exploits 0