Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.21 views

Linux Distros Unpatched Vulnerability : CVE-2026-48523

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or...

5.4CVSS6AI score0.00127EPSS
Exploits1References4
PyPA
PyPA
added 2026/05/28 4:16 p.m.12 views

PYSEC-2026-176

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00127EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/29 3:39 p.m.4 views

EUVD-2025-36567

FastMCP vulnerable to windows command injection in FastMCP Cursor installer via servername...

5.4CVSS7AI score0.00206EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/28 9:36 p.m.9 views

CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...

5.4CVSS0.00206EPSS
Exploits1References1
Rows per page
Query Builder