Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Amazon
Amazonadded 2026/04/30 12:0 a.m.3 views

Important: python-jwcrypto

Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does...

5.3CVSS6.2AI score0.00105EPSS
Exploits1
Amazon
Amazonadded 2026/04/30 12:0 a.m.2 views

Important: python-jwcrypto

Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does...

5.3CVSS6.1AI score0.00105EPSS
Exploits1
OSV
OSVadded 2026/04/08 12:16 a.m.0 views

GHSA-FJRM-76X2-C4Q4 JWCrypto: JWE ZIP decompression bomb

Summary The fix for GHSA-j857-7rvv-vj97 in v1.5.6 is weak in that it does not allow to fully control the amount of plaintext the receiver is willing to deal with and provides just a weak upper bound. The patch limits input token size to 250KB but does not validate the decompressed output size. An...

5.3CVSS5.9AI score0.00105EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/07 7:35 p.m.0 views

CVE-2026-39373 JWCrypto: JWE ZIP decompression bomb

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

5.3CVSS5.9AI score0.00105EPSS
Exploits1References1
Debian CVE
Debian CVEadded 2026/04/07 7:35 p.m.1 views

CVE-2026-39373

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

5.3CVSS5.4AI score0.00105EPSS
Exploits1
Tenable Nessus
Tenable Nessusadded 2025/10/28 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-62706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE...

6.5CVSS5.7AI score0.00137EPSS
Exploits1References2
Cvelist
Cvelistadded 2025/10/22 9:31 p.m.11 views

CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS0.00137EPSS
Exploits1References2
Rows per page
Query Builder