CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

47 matches found

Linux Distros Unpatched Vulnerability : CVE-2026-48990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joser...

5.3CVSS5.9AI score0.00163EPSS

Exploits0References3

RedhatCVE•added 6 days ago•6 views

CVE-2026-48990

A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE. This vulnerability allows a remote attacker to cause resource exhaustion, leading to a Denial of Service DoS, by sending oversized JSON Web Signature JWS payloads. The library fails to apply size limits,...

5.3CVSS5.3AI score0.00163EPSS

Exploits0References5

NVD•added last week•9 views

CVE-2026-48990

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS0.00163EPSS

Exploits0References2

OSV•added last week•4 views

UBUNTU-CVE-2026-48990

5.3CVSS5.8AI score0.00163EPSS

Exploits0References3

Cvelist•added last week•17 views

CVE-2026-48990 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

5.3CVSS0.00163EPSS

Exploits0References2

CVE•added last week•16 views

CVE-2026-48990

In joserfc (Python), CVE-2026-48990 affects versions 1.3.4–1.6.5 where oversized RFC7797 b64=false JWS payloads bypass JWSRegistry.max_payload_length during deserialization, enabling potential resource exhaustion. The standard JWS compact/flattened paths enforce the payload limit via ExceededSize...

5.3CVSS5.4AI score0.00163EPSS

Exploits0References2

Debian CVE•added last week•6 views

CVE-2026-48990

5.3CVSS5.4AI score0.00163EPSS

Exploits0

OSV•added 2026/06/03 2:51 p.m.•5 views

ROOT-APP-PYPI-CVE-2026-27932 CVE-2026-27932 in rootio-joserfc - Patched by Root

Root has patched CVE-2026-27932 in the rootio-joserfc package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.8AI score0.00432EPSS

Exploits2

Tenable Nessus•added 2026/03/07 12:0 a.m.•5 views

openSUSE 16 Security Update : python-joserfc (openSUSE-SU-2026:20322-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20322-1 advisory. Changes in python-joserfc: - CVE-2026-27932: unbounded PBKDF2 iteration count can lead to a denial of service bsc1259154 Tenable has extracted the...

7.5CVSS5.9AI score0.00432EPSS

Exploits2References3

OPENSUSE Linux•added 2026/03/06 12:0 a.m.•5 views

python311-joserfc-1.6.3-1.1 on GA media (moderate)

python311-joserfc-1.6.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10293-1 Rating: moderate Cross-References: CVE-2026-27932 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7.5CVSS5.8AI score0.00432EPSS

Exploits2

OPENSUSE Linux•added 2026/03/06 12:0 a.m.•4 views

Security update for python-joserfc (important)

openSUSE security update: security update for python-joserfc ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20322-1 Rating: important References: bsc1259154 Cross-References: CVE-2026-27932 Affected Products: openSUSE Leap 16.0...

7.5CVSS5.8AI score0.00432EPSS

Exploits2References1

OSV•added 2026/03/05 2:32 p.m.•2 views

OPENSUSE-SU-2026:20322-1 Security update for python-joserfc

This update for python-joserfc fixes the following issues: Changes in python-joserfc: - CVE-2026-27932: unbounded PBKDF2 iteration count can lead to a denial of service bsc1259154...

7.5CVSS5.8AI score0.00432EPSS

Exploits2References2

SUSE CVE•added 2026/03/05 6:50 a.m.•5 views

SUSE CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.8AI score0.00432EPSS

Exploits2References3

OSV•added 2026/03/05 12:0 a.m.•2 views

OPENSUSE-SU-2026:10293-1 python311-joserfc-1.6.3-1.1 on GA media

These are all security issues fixed in the python311-joserfc-1.6.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00432EPSS

Exploits2References1

RedhatCVE•added 2026/03/04 5:2 a.m.•6 views

CVE-2026-27932

A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE standards. An unauthenticated attacker can cause a Denial of Service DoS by exploiting a resource exhaustion vulnerability. This occurs when the library decrypts a JSON Web Encryption JWE token using...

7.5CVSS5.8AI score0.00432EPSS

Exploits2References2

NVD•added 2026/03/03 11:15 p.m.•9 views

CVE-2026-27932

7.5CVSS0.00432EPSS

Exploits2References2

OSV•added 2026/03/03 11:15 p.m.•6 views

DEBIAN-CVE-2026-27932

7.5CVSS5.4AI score0.00432EPSS

Exploits2References1