10 matches found

Cvelist
added last week, 27 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

EPSS 0.00508
Exploits: 0, References: 1
SUSE CVE
added 2026/03/25 12:25 a.m., 1 view

SUSE CVE-2026-30223

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...

CVSS 8.8, AI score 5.8, EPSS 0.00301
Exploits: 1, References: 3
Vulnrichment
added 2026/03/07 4:18 p.m., 2 views

CVE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...

CVSS 9.3, AI score 5.7, EPSS 0.00462
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-18619

Malware in sbrugna...

CVSS 9.8, AI score 9.6, EPSS 0.02335
Exploits: 0, References: 3
OSV
added 2021/12/10 12:00 a.m., 5 views

OSV-2021-1658 Null-dereference READ in istio.io/istio/security/pkg/util.ExtractJwtAud

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42142 Crash type: Null-dereference READ Crash state: istio.io/istio/security/pkg/util.ExtractJwtAud...

AI score 7.2
Exploits: 0, References: 1
OSV
added 2018/04/04 5:29 p.m., 16 views

CVE-2018-6873

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

CVSS 9.8, AI score 7.7, EPSS 0.02335
Exploits: 0, References: 2
NVD
added 2018/04/04 5:29 p.m., 10 views

CVE-2018-6873

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

CVSS 9.8, AI score 9.8, EPSS 0.02335
Exploits: 0, References: 2
Prion
added 2018/04/04 5:29 p.m., 8 views

Privilege escalation

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

CVSS 7.5, AI score 9.7, EPSS 0.02335
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2018/04/04 5:00 p.m., 15 views

CVE-2018-6873

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...

AI score 9.9, EPSS 0.02335
Exploits: 0, References: 2
CVE
added 2018/04/04 5:00 p.m., 43 views

CVE-2018-6873

CVE-2018-6873 affects Auth0 authentication service prior to 2017-10-15, where JWT audience validation was not performed, enabling privilege escalation. Multiple sources describe that the vulnerability allowed a remote attacker to authenticate as a higher-privilege user by forging or manipulating ...

CVSS 9.8, AI score 9.8, EPSS 0.02335
Exploits: 0, References: 2, Affected Software: 1