
12 matches found

Snyk
added 2026/03/13 8:3 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

CVSS 9.3, AI score 5.9, EPSS 0.00109
Exploits 1, References 2

CVE
added 2025/09/27 12:22 a.m., 21 views

CVE-2025-59936

The CVE-2025-59936 issue affects get-jwks prior to 11.0.2, where a design flaw allows cache poisoning of the JWKS cache to bypass issuer validation. If iss is validated after keys are retrieved from the cache, an attacker can craft JWTs to place a chosen public key in the shared cache and then re...

CVSS 9.4, AI score 6.1, EPSS 0.00063
Exploits 0, References 2
RedhatCVE
added 2025/05/23 4:12 a.m., 5 views

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

CVSS 9.8, AI score 7, EPSS 0.0019
Exploits 1, References 1

Cvelist
added 2024/04/24 12:00 a.m., 11 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

AI score 6.8, EPSS 0.00103
Exploits 0, References 3

Vulnrichment
added 2023/11/20 12:00 a.m., 11 views

CVE-2023-48176

An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt JSON web token...

AI score 7.2, EPSS 0.00233
Exploits 0, References 1

CVE
added 2023/11/20 12:00 a.m., 30 views

CVE-2023-48176

CVE-2023-48176 affects WebsiteGuide v0.2, where an insecure permissions issue could let a remote attacker escalate privileges by presenting a crafted JWT. Documents consistently describe this vulnerability across multiple feeds, listing WebsiteGuide 0.2 as the affected version and citing privileg...

CVSS 9.8, AI score 9.4, EPSS 0.00233
Exploits 0, References 1, Affected software 1

NVD
added 2023/11/02 10:15 p.m., 8 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

CVSS 9.8, AI score 9.2, EPSS 0.00219
Exploits 0, References 2

Prion
added 2023/10/25 6:17 p.m., 15 views

Design/Logic Flaw

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...

CVSS 2.6, AI score 5.6, EPSS 0.00174
Exploits 1, References 2, Affected software 1

Prion
added 2023/08/16 10:15 p.m., 19 views

Authentication flaw

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

CVSS 7.5, AI score 9.2, EPSS 0.0019
Exploits 1, References 1, Affected software 1

Vulnrichment
added 2023/08/16 12:00 a.m., 11 views

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

AI score 7.2, EPSS 0.0019
Exploits 1, References 1

Cvelist
added 2023/08/16 12:00 a.m., 11 views

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

AI score 9.6, EPSS 0.0019
Exploits 1, References 1

Cvelist
added 2017/10/12 2:00 p.m., 10 views

CVE-2017-10862

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token...

AI score 5.2, EPSS 0.0023
Exploits 0, References 2