Lucene search
K

11 matches found

OSV
OSV
added 2026/05/28 4:16 p.m.9 views

DEBIAN-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00127EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44395

Name of the Vulnerable Software and Affected Versions PyJWT versions 2.9.0 through 2.12.1 Description A verifier-side algorithm allow-list bypass occurs when jwt.decode or jwt.decode complete are called with a PyJWK key. While the token header alg is checked against the provided algorithms...

5.4CVSS5.2AI score0.00127EPSS
Exploits1References210
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0406

Malware in sbrugna...

7.5CVSS7.8AI score0.0606EPSS
Exploits0References31
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:26 a.m.97 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

10CVSS10AI score0.42993EPSS
Exploits1Affected Software1
OSV
OSV
added 2020/05/22 7:23 p.m.41 views

GHSA-42F2-F9VC-6365 Private key leak in Apache CXF

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS6.5AI score0.0606EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2020/05/22 7:23 p.m.155 views

Private key leak in Apache CXF

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS0.8AI score0.0606EPSS
Exploits0References12Affected Software2
RedhatCVE
RedhatCVE
added 2020/01/31 6:39 p.m.37 views

CVE-2019-12423

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS0.9AI score0.0606EPSS
Exploits0References3
NVD
NVD
added 2020/01/16 6:15 p.m.27 views

CVE-2019-12423

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS8.3AI score0.0606EPSS
Exploits0References10
OSV
OSV
added 2020/01/16 6:15 p.m.26 views

CVE-2019-12423

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS6.3AI score0.0606EPSS
Exploits0References10
Cvelist
Cvelist
added 2020/01/16 5:42 p.m.33 views

CVE-2019-12423

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

8.2AI score0.0606EPSS
Exploits0References10
CVE
CVE
added 2020/01/16 5:42 p.m.184 views

CVE-2019-12423

CVE-2019-12423 affects Apache CXF OpenId Connect JWK Keys service. When rs.security.keystore.type is set to “jwk”, the service may return all keys from the JWK file, potentially exposing private/secret key credentials if present, though newer CXF releases restrict to the key with the matching ali...

7.5CVSS7.2AI score0.0606EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder