62 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m. | 8 views

RHEL 10 : fence-agents (RHSA-2026:13916)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13916 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

7.5 CVSS | 7.1 AI score | 0.0058 EPSS
Exploits 2 | References 6
Veracode
added 2026/04/17 8:17 a.m. | 7 views

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

6.5 CVSS | 5.7 AI score | 0.00262 EPSS
Exploits 1 | References 4 | Affected Software 1
vulnersOsv
added 2026/04/09 4:41 p.m. | 10 views

@albirex/platformatic-logto (>=1.0.0 <=3.0.1), @aoi-js/server (>=1.2.3 <=1.2.11) +114 more potentially affected by CVE-2026-35041 via fast-jwt (>=5.0.0 <=6.0.1)

fast-jwt NPM version =5.0.0, =1.0.0, =1.2.3, =1.0.6, =1.0.11, =1.9.4, =0.16.13, =0.16.13, =2.0.5, =5.0.1, =9.0.2, =0.4.15, =0.10.0, =1.0.1-beta.3, =1.10.0 and more Source cves: CVE-2026-35041 Source advisory: OSV:GHSA-CJW9-GHJ4-FWXF...

6.5 CVSS | 5.4 AI score | 0.00262 EPSS
Exploits 1
vulnersOsv
added 2026/04/09 4:41 p.m. | 7 views

@albirex/platformatic-logto (>=1.0.0 <=3.0.1), @aoi-js/server (>=1.2.3 <=1.2.11) +114 more potentially affected by CVE-2026-35041 via fast-jwt (>=5.0.0 <=6.0.1)

fast-jwt NPM version =5.0.0, =1.0.0, =1.2.3, =1.0.6, =1.0.11, =1.9.4, =0.16.13, =0.16.13, =2.0.5, =5.0.1, =9.0.2, =0.4.15, =0.10.0, =1.0.1-beta.3, =1.10.0 and more Source cves: CVE-2026-35041 Source advisory: SNYK:JS-FASTJWT-15965925...

6.5 CVSS | 5.4 AI score | 0.00262 EPSS
Exploits 1
Cvelist
added 2026/04/09 2:55 p.m. | 15 views

CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification

fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

4.2 CVSS | 0.00262 EPSS
Exploits 1 | References 4
ATTACKERKB
added 2026/04/09 2:52 p.m. | 2 views

CVE-2026-35040

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are statef...

5.3 CVSS | 5.9 AI score | 0.00383 EPSS
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2026/04/09 12:0 a.m. | 6 views

fast-jwt security vulnerability

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.2.0 contained security vulnerabilities. These vulnerabilities occurred when the allowedAud verification option used regular expressions, and if the aud declaration controlled by the attacker trigger...

6.5 CVSS | 5.7 AI score | 0.00262 EPSS
Exploits 1 | References 4
vulnersOsv
added 2026/04/02 8:37 p.m. | 4 views

@jsprismarine/client (>=0.12.2-unstable-20250320195345 <=0.13.1-unstable-20250503082416), @jsprismarine/prismarine (>=0.12.2-unstable-20250320195345 <=0.13.1-unstable-20250503082416) +1 more potentially affected by CVE-2023-48223 +1 more via fast-jwt (>=6.0.0 <=6.0.1)

fast-jwt NPM version =6.0.0, =0.12.2-unstable-20250320195345, =0.12.2-unstable-20250320195345, =0.12.2-unstable-20250320195345, =0.13.1-unstable-20250503082416 Source cves: CVE-2023-48223, CVE-2026-34950 Source advisory: SNYK:JS-FASTJWT-15876721...

9.1 CVSS | 6.2 AI score | 0.00687 EPSS
Exploits 2
vulnersOsv
added 2026/03/05 2:7 a.m. | 5 views

com.baomidou:shaun-core (>=1.0 <=1.4), com.baomidou:shaun-spring-boot-starter (>=1.0 <=1.4) +37 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=4.0.0-RC1 <=4.5.8)

org.pac4j:pac4j-jwt MAVEN version =4.0.0-RC1, =1.0, =1.0, =1.1, =1.1.0, =1.1.1, =1.1.1, =1.1.1, =1.0.0.RELEASE, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.9.0 and more Source cves: CVE-2026-29000 Source advisory: SNYK:JAVA-ORGPAC4J-15428218...

9.3 CVSS | 6.7 AI score | 0.05856 EPSS
Exploits 17
IBM Security Bulletins
added 2025/12/30 5:56 p.m. | 8 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in RGW (CVE-2024-48916)

Summary Ceph Rados Gateway RadosGW OIDC provider is used by IBM Storage Ceph in RGW. CVE-2024-48916 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details CVEID:CVE-2024-48916 DESCRIPTION: Ceph is a distributed object, block, and file storage...

8.1 CVSS | 6.6 AI score | 0.00184 EPSS
Exploits 0 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-7921

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00724 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-7928

Malware in sbrugna...

7.5 CVSS | 7.5 AI score | 0.01553 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0429

Malware in sbrugna...

9.8 CVSS | 9.4 AI score | 0.01657 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 14 views

EUVD-2020-0463

Malware in sbrugna...

9.1 CVSS | 8.5 AI score | 0.01059 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-2061

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.0118 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-16069

Malware in sbrugna...

7.5 CVSS | 5.6 AI score | 0.00757 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-30378

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.01707 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-51955

Malicious code in bioql PyPI...

9.8 CVSS | 6.6 AI score | 0.00612 EPSS
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-51979

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00465 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-48644

Malicious code in bioql PyPI...

7.5 CVSS | 6 AI score | 0.00335 EPSS
Exploits 1 | References 2