Lucene search
+L

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-7207

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00693EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 7:0 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in github.com/golang-jwt/jwt/v4 v4.4.2

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of github.com/golang-jwt/jwt/v4 v4.4.2 Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to...

3.1CVSS6.5AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 3:58 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt [CVE-2025-30204]

Summary IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt, due to a flaw in the , the function parse.ParseUnverified splits CVE-2025-30204. Golang-jwt is included as part of our speech utilities. This vulnerabilitiy has been addressed. Please read...

7.5CVSS7.5AI score0.00693EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/03/27 3:46 p.m.19 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS6.8AI score0.01261EPSS
Exploits0References2
NVD
NVD
added 2025/03/21 10:15 p.m.19 views

CVE-2025-30204

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS0.00693EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/03/21 9:42 p.m.1 views

CVE-2025-30204

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS7AI score0.00693EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/03/21 9:42 p.m.25 views

CVE-2025-30204

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.6AI score0.00693EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/03/21 12:0 a.m.10 views

PT-2025-12455

Name of the Vulnerable Software and Affected Versions golang-jwt versions prior to 4.5.2 golang-jwt versions prior to 5.2.2 Description The issue affects the parse.ParseUnverified function, which splits untrusted data on periods. This can lead to allocations of On bytes when faced with a maliciou...

7.8CVSS8AI score0.00813EPSS
Exploits0References335
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.10 views

PT-2024-34877

Name of the Vulnerable Software and Affected Versions golang-jwt versions prior to 4.5.1 Description The issue arises from unclear documentation of the error behavior in ParseWithClaims, potentially leading to situations where users do not properly check errors. Specifically, if a token is both...

10CVSS8.4AI score0.97999EPSS
Exploits34References230
Rows per page
Query Builder