5455 matches found
CVE-2026-27442
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...
EUVD-2026-9505
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
GHSA-PM7G-W2CF-Q238 pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
Nginx UI 安全漏洞
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.3 contained security vulnerabilities. These vulnerabilities stemmed from the /api/backup endpoint, which allowed access without authentication, thereby exposing encrypted keys. This could enable unverified...
CVE-2026-29000
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
CVE-2026-29000 pac4j-jwt JwtAuthenticator Authentication Bypass
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
CVE-2026-29000 pac4j-jwt JwtAuthenticator Authentication Bypass
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
CVE-2026-29000
CVE-2026-29000 affects pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3. The issue is an authentication bypass in JwtAuthenticator when handling encrypted JWTs, enabling an attacker who has the server’s RSA public key to forge a JWE-wrapped PlainJWT with arbitrary subject and role claims. This...
CVE-2026-20050 Cisco Secure Firewall Threat Defense Decryption Policy Denial of Service Vulnerability
A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory...
CVE-2026-20049
A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to cause...
Cisco Secure Firewall Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability
A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory...
Exploit for Type Confusion in Apple Ipados
Coruna Exploit Kit - Deobfuscated CVE-2024-23222 HEAVILY B...
Phishing in 2026: 3 Attack Tactics That Beat Most Enterprise Defenses
Phishing drives about 90% of cyberattacks in 2026, using tactics like encrypted flows, QR code scams, and trusted cloud platforms to steal credentials...
EUVD-2026-9378
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...
CVE-2026-2747
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...
CVE-2026-27442
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...
CVE-2026-27442
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...
CVE-2026-27442 zip_attachments Path Traversal
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...
CVE-2026-27442 zip_attachments Path Traversal
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...