5 matches found

NVD
added 2026/04/24 5:16 p.m., 5 views

CVE-2026-6911

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

CVSS: 9.8, EPSS: 0.00254
Exploits: 0, References: 3

NVD
added 2026/04/02 4:16 p.m., 5 views

CVE-2026-33746

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

CVSS: 9.8, EPSS: 0.003
Exploits: 0, References: 2

CVE
added 2026/03/24 7:5 p.m., 15 views

CVE-2026-33322

CVE-2026-33322 (MinIO) is a JWT algorithm confusion vulnerability in MinIO’s OpenID Connect authentication. From RELEASE.2022-11-08T05-27-07Z up to but not including RELEASE.2026-03-17T21-25-16Z, an attacker who knows the OIDC ClientSecret can forge arbitrary identity tokens and obtain S3 credent...

CVSS: 9.8, AI score: 5.8, EPSS: 0.0041
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/03/04 12:0 a.m., 9 views

PT-2026-23074

Name of the Vulnerable Software and Affected Versions
pac4j-jwt versions prior to 4.5.9
pac4j-jwt versions prior to 5.7.9
pac4j-jwt versions prior to 6.3.3

Description
An authentication bypass exists in the JwtAuthenticator component when processing encrypted JSON Web Tokens (JWTs). Remote attacker...

CVSS: 10, AI score: 6.9, EPSS: 0.05856
Exploits: 17, References: 58

CNNVD
added 2026/03/04 12:0 a.m., 11 views

pac4j-jwt data forgery vulnerability

pac4j-jwt is a JWT authentication module developed by pac4j as open source. Versions of pac4j-jwt prior to 4.5.9, 5.7.9, and 6.3.3 contained a data manipulation vulnerability. This vulnerability stems from the JwtAuthenticator’s inability to properly handle encrypted JWTs, leading to an...

CVSS: 9.3, AI score: 6.7, EPSS: 0.05856
Exploits: 17, References: 3