Lucene search
K

1571 matches found

Vulnrichment
Vulnrichment
added 2026/05/15 4:8 p.m.8 views

CVE-2026-44699 LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 4:8 p.m.11 views

EUVD-2026-30560

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 4:8 p.m.25 views

CVE-2026-44699

LibJWT (C JSON Web Token library) versions 3.0.0–3.3.2 are vulnerable when an RSA JWK without an alg parameter is used as the verification key for HS256/HS384/HS512. In the OpenSSL backend, this can cause HMAC verification to run with a zero-length key, enabling an attacker to forge a valid JWT w...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 4:8 p.m.44 views

CVE-2026-44699 LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

9.1CVSS0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.13 views

PT-2026-41315

Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.3.2 Description LibJWT accepts an RSA JSON Web Key JWK lacking an alg parameter as the verification key for HS256, HS384, or HS512 tokens. When using the OpenSSL backend, this results in HMAC verification...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.12 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 7:35 p.m.7 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 7:35 p.m.6 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/14 7:35 p.m.34 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS0.00439EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 7:35 p.m.4 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.4AI score0.00439EPSS
Exploits0References6
CVE
CVE
added 2026/05/14 7:35 p.m.24 views

CVE-2026-8596

CVE-2026-8596: The ModelBuilder/Serve path in the Amazon SageMaker Python SDK stores the HMAC signing key in cleartext. A remote, authenticated actor with SageMaker describe API permissions and S3 write access to the model artifact path could extract the key from API responses and forge integrity...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:12 p.m.9 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 7:12 p.m.7 views

CVE-2026-44351 fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 3:34 p.m.13 views

CVE-2026-43330

A flaw was found in the Linux kernel's caam cryptographic accelerator driver. When processing a Hash-based Message Authentication Code HMAC key that exceeds the block size, the driver incorrectly handles memory allocation and copying. This can lead to an overflow, where the system attempts to rea...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.14 views

SUSE CVE-2026-7818

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.3CVSS6.5AI score0.00131EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-41777

Name of the Vulnerable Software and Affected Versions ruby-jwt affected versions not specified Description A flaw in the authentication procedure allows the library to accept forged tokens when an empty string is used as the verification key. This occurs because the HMAC algorithm lacks a...

9.1CVSS7AI score0.00018EPSS
Exploits0References14
OSV
OSV
added 2026/05/12 3:9 p.m.21 views

GHSA-X3R2-FJ3R-G5MV sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References3
OSV
OSV
added 2026/05/11 6:31 p.m.10 views

GHSA-4RHG-H8F2-V4JM pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.3CVSS6.5AI score0.00131EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.8CVSS6.5AI score0.00131EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder