Lucene search
+L

5 matches found

Cvelist
Cvelist
added 5 days ago25 views

CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover

Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...

9.1CVSS0.00411EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.14 views

CVE-2026-35041

fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

6.5CVSS5.4AI score0.00262EPSS
Exploits1References1
Veracode
Veracode
added 2026/04/17 8:17 a.m.10 views

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

6.5CVSS5.7AI score0.00262EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2796

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0045EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/10/09 1:30 p.m.44 views

CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud

Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...

4.8CVSS6.6AI score0.0045EPSS
Exploits1References2
Rows per page
Query Builder