Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.7 views

SUSE CVE-2026-33204

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/23 10:53 a.m.4 views

CVE-2026-33204

A flaw was found in SimpleJWT, a PHP library for JSON Web Tokens. An unauthenticated attacker can exploit this vulnerability by tampering with JSON Web Encryption JWE headers when Password-Based Key Derivation Function 2 PBES2 algorithms are in use. This can lead to a Denial of Service DoS if an...

7.5CVSS5.7AI score0.00481EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/20 10:37 p.m.22 views

CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

7.5CVSS0.00481EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 10:37 p.m.5 views

CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/18 8:16 p.m.8 views

SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...

7.5CVSS5.9AI score0.00481EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26212

Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...

7.5CVSS6AI score0.00481EPSS
Exploits1References6
Rows per page
Query Builder