Lucene search
K

52573 matches found

CVE
CVE
added 2026/05/28 6:45 a.m.16 views

CVE-2026-9227

The connected CVE entries confirm a vulnerability in GutenBee ≤ 2.20.1 (WordPress plugin): an Arbitrary File Upload via the function gutenbee_file_and_ext_json. The root cause is a flawed strpos() check that only tests for the presence of ".json" in the filename, not that it ends with a .json ext...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.7 views

CVE-2026-9227 GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References9
NVD
NVD
added 2026/05/28 6:16 a.m.14 views

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

7CVSS0.00166EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 5:0 a.m.35 views

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

7CVSS0.00166EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/28 5:0 a.m.9 views

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

7CVSS5.9AI score0.00166EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 5:0 a.m.26 views

CVE-2026-9673

CVE-2026-9673 affects json-2-csv versions 3.15.0 and earlier up to 5.5.11, vulnerable to CSV Injection via the preventCsvInjection option, which can be bypassed. An attacker can inject formulas into CSV files that execute when opened in spreadsheet apps. The SNYK entry describes a PoC and recomme...

7CVSS5.9AI score0.00166EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:0 a.m.10 views

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

7CVSS5.9AI score0.00166EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 3:44 a.m.47 views

CVE-2026-9793

Keycloak vulnerability CVE-2026-9793: when a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This can lead to unauthorized claims and data integrity c...

7.5CVSS5.8AI score0.0012EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 3:44 a.m.31 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 3:44 a.m.12 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 3:44 a.m.18 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

7.5CVSS5.7AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/28 3:12 a.m.6 views

Improper Verification of Cryptographic Signature

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the requestObjectSignatureAlg policy bypass during the...

8.2CVSS5.4AI score0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.11 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS6AI score0.00329EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.5 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS6AI score0.00329EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

pyjwt 数据伪造问题漏洞

pyjwt is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Prior to version 2.13.0, pyjwt had a data manipulation vulnerability. This vulnerability stemmed from the fact that the verifier supported both asymmetric and...

7.4CVSS5.7AI score0.00379EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.11 views

RHEL 9 : fence-agents (RHSA-2026:21431)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21431 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

8.2CVSS6.8AI score0.00341EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44398

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.13.0 Description PyJWT is a JSON Web Token implementation in Python. When the verifier decodes JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library fails to validate the use of JSON Web Ke...

7.4CVSS5.2AI score0.00379EPSS
Exploits1References238
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

pyjwt 安全漏洞

pyjwt is a Python library developed by José Padilla from the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Prior to version 2.13.0, pyjwt had a security vulnerability. This vulnerability stemmed from the function PyJWKClient.getsigningkey, which forced each JWT...

3.7CVSS5.8AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44397

Name of the Vulnerable Software and Affected Versions PyJWT versions 2.8.0 through 2.12.1 Description When verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, the software performs Base64URL decoding of the compact-serialization payload segment before enforcin...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References237
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44396

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.13.0 Description PyJWT is a JSON Web Token implementation in Python. The get signing key function in PyJWKClient forces a new HTTP request to the JWKS endpoint for every JWT containing an unknown kid value, without...

9.8CVSS5.2AI score0.00222EPSS
Exploits0References235
Rows per page
Query Builder