Lucene search
K

31 matches found

OSV
OSV
added 2026/05/26 10:49 p.m.10 views

GO-2026-4945 Go JOSE Panics in JWE decryption in github.com/go-jose/go-jose

The go-jose package is subject to a panic when decrypting certain JSON Web Encryption JWE tokens. This occurs when an attacker can provide a maliciously crafted JWE token that triggers an unhandled exception during the decryption process, leading to a denial-of-service...

7.5CVSS6.9AI score0.00651EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 6:21 p.m.10 views

JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

A flaw was found in JWCrypto, a Python library for JSON Web Key JWK, JSON Web Signature JWS, and JSON Web Encryption JWE specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/19 1:25 p.m.9 views

JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

A flaw was found in JWCrypto, a Python library for JSON Web Key JWK, JSON Web Signature JWS, and JSON Web Encryption JWE specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References5
OSV
OSV
added 2026/04/29 8:15 a.m.5 views

OPENSUSE-SU-2026:20644-1 Security update for python-jwcrypto

This update for python-jwcrypto fixes the following issues: - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE tokens bsc1261802...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 8:16 p.m.5 views

CVE-2026-39373

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

5.3CVSS0.00294EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24743

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : idm:client (AXSA:2024-8409:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8409:01 advisory. JWCrypto: denail of service Via specifically crafted JWE CVE-2023-6681 python-jwcrypto: malicious JWE token can cause denial of service CVE-2024-281...

6.8CVSS5.6AI score0.0098EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-3035

Malware in sbrugna...

5CVSS6.4AI score0.03773EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-2002

Malware in sbrugna...

9.8CVSS9.3AI score0.01301EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-48611

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 a.m.16 views

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

7.5CVSS6.8AI score0.00821EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.4 views

PT-2023-25032

Name of the Vulnerable Software and Affected Versions: Temporal Server versions prior to 1.20 Description: Insecure defaults in the open-source Temporal Server allow an attacker to craft a task token with access to a namespace other than the one specified in the request. This can be done outside ...

3.6CVSS4.7AI score0.00166EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2022/07/19 8:15 p.m.3 views

CVE-2022-34536

Digital Watchdog DW MEGApix IP cameras A7.2.220211029 allows attackers to access the core log file and perform session hijacking via a crafted session token...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.19 views

PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm

The PHP JOSE Library by Gree Inc. prior to 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

7.5CVSS2.6AI score0.00821EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/24 4:52 p.m.52 views

GHSA-XM5F-HC9R-76F3 PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm

The PHP JOSE Library by Gree Inc. prior to 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

7.5CVSS7.4AI score0.00821EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:42 a.m.8 views

GHSA-R9JW-MWHQ-WP62 PyJWT vulnerable to key confusion attacks

In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

7.5CVSS5.9AI score0.01804EPSS
Exploits0References5
OSV
OSV
added 2019/08/07 3:15 p.m.19 views

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

7.5CVSS6.8AI score
Exploits0References1
NVD
NVD
added 2019/08/07 3:15 p.m.22 views

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

7.5CVSS7.5AI score0.00821EPSS
Exploits0References1
Prion
Prion
added 2019/08/07 3:15 p.m.16 views

Design/Logic Flaw

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

5CVSS7AI score0.00821EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/07 3:13 p.m.30 views

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

7.5AI score0.00821EPSS
Exploits0References1
Rows per page
Query Builder