Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/12 8:55 a.m.40 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

0.00445EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-0791

Malware in sbrugna...

7.4CVSS4.6AI score0.00653EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/10/21 11:25 p.m.38 views

CVE-2024-10125 Lack of JWT issuer and signer validation

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...

7.5CVSS0.00319EPSS
Exploits0References2
NVD
NVD
added 2018/12/19 10:29 p.m.30 views

CVE-2018-15801

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS4.8AI score0.00653EPSS
Exploits0References1
OSV
OSV
added 2018/12/19 10:29 p.m.28 views

CVE-2018-15801

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS6.7AI score0.00653EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/12/19 10:0 p.m.37 views

CVE-2018-15801 Authorization Bypass During JWT Issuer Validation with spring-security

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

3.3CVSS7.3AI score0.00653EPSS
Exploits0References1
Rows per page
Query Builder