226 matches found
CVE-2026-55954 Missing ID token claim validation in ueberauth_apple allows account takeover
Authentication Bypass by Spoofing vulnerability in ueberauth ueberauthapple allows account takeover via unvalidated ID token claims. The Ueberauth.Strategy.Apple.Token.payload/2 function verifies the JWT signature of the callback idtoken against Apple's JWKS but does not validate any registered...
CVE-2026-56665
ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...
CVE-2026-56664
ZITADEL’s external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) did not enforce maximum token age (missing iat) in tokens, allowing arbitrarily old tokens from a trusted issuer to pass authentication. Affected: ZITADEL core platform; vulnerable code path in the JWT IdP...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the JWT validation process. An attacker can maintain persistent unauthorized access by presenting tokens that omit the exp and iat claims, thereby bypassing session expiration and freshness checks. Thi...
CVE-2026-53776
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...
Malicious code in gt-tester-exp-profiler-exp-00000017 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1490f970bd52c80c89f33029f9e875f1fb595014621d50e0ce87a167d1cd348 setup.py installs a site-wide.pth file gttesterexpprofilerexp00000017probe.pth into site-packages that imports the package's probe module and calls...
NPM: Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
NPM: Hono has improper validation of NumericDate claims exp, nbf, iat in JWT verify vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...
Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...
JLSEC-2026-216 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with...
There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011237)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011237 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcuprinttaskexpstall -exptasks access For kernels built with CONFIGPREEMPTRCU=y, the...
CVE-2026-35040
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are statef...
GHSA-CJW9-GHJ4-FWXF fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification
⚠️ IMPORTANT CLARIFICATIONS Affected Configurations This vulnerability ONLY affects applications that: - Use RegExp objects not strings in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options - Configure patterns susceptible to catastrophic backtracking - Example: allowedAud...
EUVD-2026-20898
fast-jwt: Stateful RegExp /g or /y causes non-deterministic allowed-claim validation logical DoS...
CVE-2026-35040 fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are statef...
Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521
Summary A prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by overriding RegExp.prototype.test and then passing a crafted query string to parsestr, bypassing the prototype pollution guard. This vulnerability ste...
PT-2026-6316
Name of the Vulnerable Software and Affected Versions jsonwebtoken versions prior to 10.3.0 Description A Type Confusion issue exists in jsonwebtoken, specifically within its claim validation logic. When a standard claim, such as 'nbf' or 'exp', is provided with an incorrect JSON type like a Stri...
CVE-2026-23956 seroval affected by Denial of Service via RegExp serialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...
CVE-2026-23956
CVE-2026-23956 concerns the seroval JavaScript value-stringification library. A flaw in RegExp serialization during deserialization allows memory exhaustion and, in some cases, Regular Expression Denial of Service (ReDoS). Affected versions are 1.4.0 and below; the issue is fixed in 1.4.1. Public...
EUVD-2025-199702
Malicious code in atlassian-exp PyPI...
Malicious code in atlassian-exp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 802483ac3ec3749092037040a0a50ed9fa329232a832ac15fd5a0c692c42a9fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...