Lucene search
+L

12 matches found

RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.8 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.4AI score0.00969EPSS
Exploits6References33
Cvelist
Cvelist
added 2026/06/12 8:55 a.m.43 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

0.00445EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.4 views

SUSE CVE-2026-30223

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...

8.8CVSS5.8AI score0.00301EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/07 4:18 p.m.4 views

CVE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...

9.3CVSS5.7AI score0.00525EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-18619

Malware in sbrugna...

9.8CVSS9.6AI score0.02335EPSS
Exploits0References3
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/06/12 6:47 p.m.12 views

Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...

7.5CVSS6.3AI score0.00343EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/12/10 12:0 a.m.6 views

OSV-2021-1658 Null-dereference READ in istio.io/istio/security/pkg/util.ExtractJwtAud

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42142 Crash type: Null-dereference READ Crash state: istio.io/istio/security/pkg/util.ExtractJwtAud...

7.2AI score
Exploits0References1
NVD
NVD
added 2018/04/04 5:29 p.m.12 views

CVE-2018-6873

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

9.8CVSS9.8AI score0.02335EPSS
Exploits0References2
OSV
OSV
added 2018/04/04 5:29 p.m.18 views

CVE-2018-6873

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

9.8CVSS7.7AI score0.02335EPSS
Exploits0References2
Prion
Prion
added 2018/04/04 5:29 p.m.10 views

Privilege escalation

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

7.5CVSS9.7AI score0.02335EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/04 5:0 p.m.17 views

CVE-2018-6873

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

9.9AI score0.02335EPSS
Exploits0References2
CVE
CVE
added 2018/04/04 5:0 p.m.57 views

CVE-2018-6873

CVE-2018-6873 affects Auth0 authentication service prior to 2017-10-15, where JWT audience validation was not performed, enabling privilege escalation. Multiple sources describe that the vulnerability allowed a remote attacker to authenticate as a higher-privilege user by forging or manipulating ...

9.8CVSS9.8AI score0.02335EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder