
10 matches found

vulnersOsv
added 2026/05/28 4:16 p.m. | 6 views

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +1507 more potentially affected by CVE-2026-48526 via pyjwt (>=0.2.1 <=2.12.1)

pyjwt PYPI version =0.2.1, =0.5.3, =0.0.1a0, =0.1.1, =1.0.0, =2.0.0, =1.1.1, =0.8.44.4, =0.1.0, =0.1.1, =0.1.1, =0.1.5 - affo-user-service =1.0.4 and more Source cves: CVE-2026-48526 Source advisory: OSV:PYSEC-2026-179...

CVSS 7.4 | AI score 5.4 | EPSS 0.00198
Exploits: 1

OSV
added 2026/03/30 3:2 p.m. | 3 views

USN-8133-1 pyjwt vulnerability

It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions...

CVSS 7.5 | AI score 5.8 | EPSS 0.00198
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-18484

Malware in sbrugna...

CVSS 9 | AI score 8.7 | EPSS 0.02653
Exploits: 1 | References: 8

RedhatCVE
added 2025/05/22 8:52 p.m. | 3 views

CVE-2021-31590

PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...

CVSS 9 | AI score 7.2 | EPSS 0.02653
Exploits: 1 | References: 1

CNVD
added 2021/07/21 12:0 a.m. | 16 views

PwnDoc has an unspecified vulnerability

PwnDoc is an application. The penetration test report generator PwnDoc version 2021-04-22 and prior versions has a security vulnerability that stems from incorrect JSON Webtoken handling, which could be exploited by an attacker to cause incorrect access control...

CVSS 9 | AI score 3.1 | EPSS 0.02653
Exploits: 1 | References: 1

OSV
added 2021/07/19 8:15 p.m. | 11 views

CVE-2021-31590

PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...

CVSS 8.8 | AI score 7.1
Exploits: 0 | References: 7

NVD
added 2021/07/19 8:15 p.m. | 11 views

CVE-2021-31590

PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...

CVSS 9 | EPSS 0.02653
Exploits: 1 | References: 7

Prion
added 2021/07/19 8:15 p.m. | 12 views

Authentication flaw

PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...

CVSS 9 | AI score 8.7 | EPSS 0.02653
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2021/07/19 7:45 p.m. | 18 views

CVE-2021-31590

PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...

AI score 9 | EPSS 0.02653
Exploits: 1 | References: 7

CVE
added 2021/07/19 7:45 p.m. | 58 views

CVE-2021-31590

PwnDoc (up to 0.4.0 as of 2021-08-23) contains a JWT handling flaw that enables improper access control. A valid JSON Web Token used for authentication/authorization can preserve admin privileges when a user is downgraded to “user,” and even after account deletion the attacker can access the admi...

CVSS 9 | AI score 8.8 | EPSS 0.02653
Exploits: 1 | References: 7 | Affected Software: 1