Lucene search

21 matches found

ATTACKERKB, added 2026/05/29 7:51 p.m., 11 views

CVE-2026-47123

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

CVSS 7.5 | AI score 5.9 | EPSS 0.0014 | Exploits 0 | References 3 | Affected software 1

Positive Technologies, added 2026/05/29 12:00 a.m., 9 views

PT-2026-44993

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

CVSS 7.5 | AI score 5.9 | EPSS 0.0014 | Exploits 0 | References 3

OSV, added 2026/05/18 5:24 p.m., 3 views

GHSA-C32J-VQHX-RX3X ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token. OpenSSL::HMAC.digest('SHA256', '', payload) returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decode(token, "", true, algorithm: 'HS256') ...

CVSS 7.4 | AI score 5.7 | EPSS 0.00018 | Exploits 0 | References 8

Github Security Blog, added 2026/05/18 5:24 p.m., 30 views

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token. OpenSSL::HMAC.digest('SHA256', '', payload) returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decode(token, "", true, algorithm: 'HS256') ...

CVSS 9.1 | AI score 5.7 | EPSS 0.00236 | Exploits 0 | References 8 | Affected software 1

RubySec, added 2026/05/18 12:00 a.m., 9 views

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token. OpenSSL::HMAC.digest('SHA256', '', payload) returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decode(token, "", true, algorithm: 'HS256') ...

CVSS 9.1 | AI score 5.7 | EPSS 0.00236 | Exploits 0 | References 1 | Affected software 1
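The empty-key failure described in the three ruby-jwt entries above, as an added example that is not ruby-jwt's code: a stand-alone HS256 verifier on Ruby's stdlib OpenSSL (no jwt gem), with the vulnerable decode beside the hardened one. HMAC-SHA256 is written out per RFC 2104 so the reason an empty key "works" is visible: the key is zero-padded to the 64-byte block, so '' is simply the all-zero key, which the attacker knows too. The function names, the local InvalidKeyError class, and the scenario in which the server's secret resolved to '' are constructed for this demo.

```ruby
require 'openssl'
require 'json'

class InvalidKeyError < StandardError; end

# HMAC-SHA256 per RFC 2104. Keys shorter than the block are zero-padded,
# so '' and "\x00" * 64 are the same key: a valid, attacker-known MAC key.
def hmac_sha256(key, msg)
  key = OpenSSL::Digest::SHA256.digest(key) if key.bytesize > 64
  key = key.b.ljust(64, "\x00")
  ipad = key.bytes.map { |b| (b ^ 0x36).chr }.join
  opad = key.bytes.map { |b| (b ^ 0x5c).chr }.join
  OpenSSL::Digest::SHA256.digest(opad + OpenSSL::Digest::SHA256.digest(ipad + msg.b))
end

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  s = str.tr('-_', '+/')
  (s + '=' * ((4 - s.length % 4) % 4)).unpack1('m0')
end

def constant_time_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Minimal HS256 token (demo code, not ruby-jwt).
def encode_hs256(payload, key)
  h = b64url(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  p = b64url(JSON.generate(payload))
  "#{h}.#{p}.#{b64url(hmac_sha256(key, "#{h}.#{p}"))}"
end

# Mirrors the defect: nothing rejects an empty key, so a deployment whose
# secret resolved to '' accepts any token the attacker signed with ''.
def decode_hs256_vulnerable(token, key)
  h, p, s = token.split('.')
  return nil unless constant_time_eq(hmac_sha256(key, "#{h}.#{p}"), b64url_decode(s))
  JSON.parse(b64url_decode(p))
end

# Hardened: the precondition the advisory says was missing.
def decode_hs256(token, key)
  raise InvalidKeyError, 'HS256 key must not be empty' if key.nil? || key.empty?
  decode_hs256_vulnerable(token, key)
end

def demo_empty_key
  server_key = '' # constructed: e.g. ENV.fetch('JWT_SECRET', '') with the variable unset
  forged = encode_hs256({ 'sub' => 'admin', 'role' => 'superuser' }, '')
  {
    empty_key_equals_zero_key: hmac_sha256('', 'x') == hmac_sha256("\x00" * 64, 'x'),
    vulnerable_result: decode_hs256_vulnerable(forged, server_key), # forged claims accepted
    hardened_rejects: begin
      decode_hs256(forged, server_key)
      false
    rescue InvalidKeyError
      true
    end,
    forged_vs_real_secret: decode_hs256(forged, 'real-secret-from-env') # nil: signature mismatch
  }
end
```

The check belongs in the verifier, not only in configuration loading: an HMAC library that accepts a zero-length key turns every "secret not set" misconfiguration into an authentication bypass, and the same applies to keys that are present but far shorter than the hash output.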
RedhatCVE, added 2026/03/26 2:58 p.m., 11 views

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVSS 7.5 | AI score 5.8 | EPSS 0.00322 | Exploits 0 | References 1

EUVD, added 2026/03/24 6:31 a.m., 3 views

EUVD-2026-14743

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVSS 7.5 | AI score 5.8 | EPSS 0.00322 | Exploits 0 | References 7

ATTACKERKB, added 2026/03/24 4:27 a.m., 4 views

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

CVSS 7.5 | AI score 5.8 | EPSS 0.00322 | Exploits 0 | References 7
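The three JetEngine entries above describe one failure mode: the HMAC covers only some request parameters, so a parameter the handler still acts on can be rewritten without invalidating the signature. The following added example (not JetEngine's code; the parameter names listing_id, page and filter_query, the secret, and the SQL fragment are all constructed) contrasts a partial-coverage signature with one over the canonicalised full parameter set.

```ruby
require 'openssl'
require 'json'

SECRET = 'constructed-demo-secret' # not a real key

# Canonical form (sorted-key JSON) so the MAC covers every parameter with
# no ambiguity about key/value boundaries.
def canonical(params)
  JSON.generate(params.sort.to_h)
end

def mac(data)
  OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)
end

def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable pattern: only the keys the developer considered security
# relevant are signed, but the handler consumes the unsigned ones too.
SIGNED_KEYS = %w[listing_id page].freeze

def sign_partial(params)
  mac(canonical(params.slice(*SIGNED_KEYS)))
end

def verify_partial(params, sig)
  secure_eq(sign_partial(params), sig)
end

# Fixed pattern: every parameter the handler will act on is under the MAC.
def sign_all(params)
  mac(canonical(params))
end

def verify_all(params, sig)
  secure_eq(sign_all(params), sig)
end

def demo_partial_signature
  issued = { 'listing_id' => '42', 'page' => '2', 'filter_query' => "status = 'public'" }
  sig_partial = sign_partial(issued)
  sig_all = sign_all(issued)
  # Attacker keeps the signed fields untouched and rewrites the unsigned one.
  tampered = issued.merge('filter_query' => "status = 'public' OR 1=1")
  {
    partial_accepts_tampered: verify_partial(tampered, sig_partial), # true: bypass
    full_rejects_tampered: !verify_all(tampered, sig_all),           # true: caught
    full_accepts_original: verify_all(issued, sig_all)
  }
end
```

Signing the whole parameter set closes the integrity gap, but it only proves the server issued the fragment; it does not make client-supplied SQL safe. The robust shape is to keep filter definitions server-side and sign only an opaque identifier for them.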
OpenVAS, added 2025/11/20 12:00 a.m., 4 views

OpenVPN HMAC Verification Vulnerability Bypass (Nov 2025) - Windows

OpenVPN is prone to an HMAC verification bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openvpn:openvpn";...

CVSS 8.2 | AI score 7.5 | EPSS 0.0061 | Exploits 0 | References 1

EUVD, added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-2037

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00888 | Exploits 0 | References 6

IBM Security Bulletins, added 2025/04/29 1:54 a.m., 70 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

CVSS 9.3 | AI score 10 | EPSS 0.87806 | Exploits 2 | Affected software 1

OSV, added 2023/07/05 7:15 p.m., 4 views

CVE-2023-34471

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss of confidentiality, integrity, and authentication...

CVSS 8.1 | AI score 5.8 | EPSS 0.00259 | Exploits 0 | References 1

Github Security Blog, added 2022/05/13 1:30 a.m., 23 views

Nimbus JOSE+JWT missing overflow check

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC...

CVSS 7.5 | AI score 4.9 | EPSS 0.00888 | Exploits 0 | References 6 | Affected software 1

OSV, added 2022/05/13 1:30 a.m., 12 views

GHSA-2QP9-WG27-9PCV Nimbus JOSE+JWT missing overflow check

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC...

CVSS 7.5 | AI score 7.5 | EPSS 0.00888 | Exploits 0 | References 5

IBM Security Bulletins, added 2020/05/20 2:01 p.m., 74 views

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT...

CVSS 9.8 | AI score 1 | EPSS 0.95821 | Exploits 21 | Affected software 1

IBM Security Bulletins, added 2019/03/06 5:15 a.m., 20 views

Security Bulletin: Publicly disclosed vulnerability from Nimbus-JOSE-JWT affects IBM Spectrum LSF

Summary Publicly disclosed vulnerability from Nimbus-JOSE-JWT affects IBM Spectrum LSF. Vulnerability Details CVE-2017-16007 BDSA-2017-0101 Nimbus JOSE+JWT implemented the ECDH-ES encryption option of the 'JSON Web Encryption' standard in a way that is vulnerable to cryptanalysis. This would enable ...

CVSS 7.5 | AI score 0.8 | EPSS 0.01256 | Exploits 1 | Affected software 1

CNVD, added 2017/08/21 12:00 a.m., 2 views

Nimbus JOSE+JWT Security Bypass Vulnerability

Nimbus JOSE+JWT is an open source Java library. Nimbus JOSE+JWT fails to perform integer overflow detection, allowing remote attackers to perform HMAC bypass attacks by shifting AAD and ciphertext...

CVSS 7.5 | AI score 8 | EPSS 0.00888 | Exploits 0 | References 1

Prion, added 2017/08/20 4:29 p.m., 11 views

Integer overflow

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC...

CVSS 5 | AI score 7.5 | EPSS 0.00888 | Exploits 0 | References 4 | Affected software 1

OSV, added 2017/08/20 4:29 p.m., 17 views

CVE-2017-12972

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC...

CVSS 7.5 | AI score 6.7 | Exploits 0 | References 4

CVE, added 2017/08/20 4:00 p.m., 78 views

CVE-2017-12972

CVE-2017-12972: Nimbus JOSE+JWT before 4.39 has no integer-overflow check when converting length values from bytes to bits, enabling a remote attacker to perform an HMAC bypass by shifting AAD and ciphertext so that different plaintext yields the same HMAC. Public records show this vulnerability discu...

CVSS 7.5 | AI score 7.4 | EPSS 0.00888 | Exploits 0 | References 4 | Affected software 1
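The Nimbus JOSE+JWT entries above all describe CVE-2017-12972. In the AES-CBC-HMAC modes the tag is computed over AAD || IV || ciphertext || AL, where AL is the AAD length in bits as a 64-bit integer. If the bytes-to-bits multiply is done in a fixed-width integer that can wrap, an AAD that is longer by exactly the wrap period yields the same AL, so an attacker can move the boundary between AAD, IV and ciphertext without changing a single byte of the MAC input; the recipient then decrypts a different (truncated) plaintext under the same tag. The following added example (not Nimbus code) re-creates that with Ruby's stdlib OpenSSL. WRAP_BITS is deliberately tiny so the collision needs 32 bytes rather than the 2^29 bytes a 32-bit wrap would; the emulation of the wrapping multiply, the keys, the AAD and the plaintext are all constructed.

```ruby
require 'openssl'

# Constructed demo keys; a real A128CBC-HS256 CEK would be random per message.
ENC_KEY = "\x11" * 16
MAC_KEY = "\x22" * 16
WRAP_BITS = 8 # toy AL width: AAD lengths 32 bytes apart collide (real bug: 2^29)

def aes_cbc(mode, iv, data)
  c = OpenSSL::Cipher.new('aes-128-cbc')
  mode == :encrypt ? c.encrypt : c.decrypt
  c.key = ENC_KEY
  c.iv = iv
  c.update(data) + c.final
end

# Correct AL: AAD bit length as a 64-bit big-endian integer (RFC 7518 5.2.2.1).
# Ruby integers cannot overflow; in a fixed-width language the fix is a
# bound check on aad.bytesize before the multiply.
def al_correct(aad)
  [aad.bytesize * 8].pack('Q>')
end

# Emulates the pre-4.39 defect: the bytes-to-bits multiply wraps in a
# narrow integer before being widened to 64 bits.
def al_wrapping(aad)
  [(aad.bytesize * 8) % (1 << WRAP_BITS)].pack('Q>')
end

def auth_tag(aad, iv, ct, al)
  OpenSSL::HMAC.digest('SHA256', MAC_KEY, aad + iv + ct + al)[0, 16]
end

# Move shift_bytes from the front of IV||CT into AAD. The concatenation
# AAD||IV||CT is byte-identical; only the split point has moved.
def shift_boundary(aad, iv, ct, shift_bytes)
  stream = iv + ct
  [aad + stream[0, shift_bytes], stream[shift_bytes, 16], stream[(shift_bytes + 16)..-1]]
end

def demo_al_overflow
  pt  = 'ACCOUNT=alice;ROLE=user;AMOUNT=10;MEMO=x' # 40 bytes -> 48 after PKCS#7
  aad = 'hdr'
  iv  = (0..15).map(&:chr).join.b
  ct  = aes_cbc(:encrypt, iv, pt)
  honest_tag = auth_tag(aad, iv, ct, al_correct(aad)) # produced by any correct sender

  shift = (1 << WRAP_BITS) / 8 # one full AL wrap period, in bytes
  aad2, iv2, ct2 = shift_boundary(aad, iv, ct, shift)

  {
    original_plaintext: aes_cbc(:decrypt, iv, ct),
    # Vulnerable verifier recomputes AL with the wrapping multiply: same tag.
    vulnerable_accepts_shifted: auth_tag(aad2, iv2, ct2, al_wrapping(aad2)) == honest_tag,
    # Fixed verifier: AL for the longer AAD differs, so the tag does not match.
    fixed_accepts_shifted: auth_tag(aad2, iv2, ct2, al_correct(aad2)) == honest_tag,
    # Same tag, but the recipient now decrypts only the tail of the message.
    shifted_plaintext: aes_cbc(:decrypt, iv2, ct2)
  }
end
```

The truncated plaintext decrypts cleanly because CBC decryption of a suffix using the preceding ciphertext block as IV yields exactly the original suffix, padding included; the attacker needs no key material, only the original message and enough ciphertext to absorb the shift. That is why the advisories describe the outcome as "different plaintext for the same HMAC" rather than arbitrary forgery.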