
10 matches found

Tenable Nessus
added 2026/05/08 12:0 a.m. | 8 views

IBM MQ DoS (7271937)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271937 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high...

CVSS 7.5 | AI score 7.3 | EPSS 0.00244
Exploits: 1 | References: 2

RedhatCVE
added 2026/03/06 1:34 a.m. | 10 views

CVE-2026-29000

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...

CVSS 9.3 | AI score 6 | EPSS 0.05856
Exploits: 17 | References: 1

EUVD
added 2026/03/05 12:31 a.m. | 7 views

EUVD-2026-9505

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...

CVSS 10 | AI score 6 | EPSS 0.05856
Exploits: 17 | References: 4

BDU FSTEC
added 2025/05/09 12:0 a.m. | 4 views

The vulnerability of the access point loading function in Cisco IOS XE wireless local control devices allows an attacker to execute arbitrary commands.

The vulnerability of the Cisco IOS XE wireless local area network controller’s Access Point (AP) loading function is related to the presence of a strictly encrypted JSON Web Token (JWT). Exploiting this vulnerability allows an attacker to execute arbitrary commands by sending specially crafted HTTPS...

CVSS 10 | AI score 7.7 | EPSS 0.17894
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2024/05/09 7:37 p.m. | 7 views

CVE-2022-32502

An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...

AI score 8.3 | EPSS 0.0161
Exploits: 0 | References: 4

BDU FSTEC
added 2024/03/14 12:0 a.m. | 5 views

The vulnerability of the deserialize() function in the Jwcrypto Python library, which allows a hacker to trigger a denial-of-service attack.

The vulnerability of the deserialize function in the JavaScript library used by Jwcrypto for cryptography involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially created JWE tok...

CVSS 6.8 | AI score 6.4 | EPSS 0.0098
Exploits: 1 | References: 15 | Affected Software: 6

CNVD
added 2020/10/11 12:0 a.m. | 3 views

CloudBees Jenkins SMS Notification Plugin Unauthorized Access Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

CVSS 3.3 | AI score 6.6 | EPSS 0.00331
Exploits: 0 | References: 1

CNVD
added 2018/07/05 12:0 a.m. | 1 views

EncryptedToken Integer Overflow Vulnerability

EncryptedToken ECC is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function of the smart contract implementation in ECC. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

CVSS 7.5 | AI score 7.7 | EPSS 0.00926
Exploits: 1 | References: 1

ThreatPost
added 2017/03/24 1:46 p.m. | 21 views

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...

AI score 0.1
Exploits: 0 | References: 7

Tenable Nessus
added 2016/09/08 12:0 a.m. | 37 views

FreeBSD : mailman -- CSRF hardening in parts of the web interface (9e50dcc3-740b-11e6-94a2-080027ef73ec)

The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery (CSRF). The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...

CVSS 8.8 | AI score 7.2 | EPSS 0.0153
Exploits: 0 | References: 4