Lucene search
K

10 matches found

Cvelist
Cvelist
added last week35 views

CVE-2026-54782 CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS0.00246EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

fast-jwt 授权问题漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.2.4 contained an authorization vulnerability. This vulnerability stemmed from a critical authentication bypass in the asynchronous key resolution process, allowing unauthenticated attackers to...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 10:26 p.m.19 views

Improper Authentication

Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Improper Authentication in the async key resolver when it returns an empty string or zero-length buffer. An attacker can gain unauthorized access and assume arbitrary identities by forgin...

9.1CVSS5.9AI score0.00236EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of ticket length validation in the non-XDR key resolution path. This vulnerability may...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 6:4 p.m.2 views

GHSA-GM9M-GWC4-HWGP Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution

Summary @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or visited-URL loop detection. An attacker who controls a remote ActivityPub key or actor URL can force a server using Fedify to mak...

7.5CVSS5.5AI score0.00551EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/04/07 6:4 p.m.7 views

Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution

Summary @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or visited-URL loop detection. An attacker who controls a remote ActivityPub key or actor URL can force a server using Fedify to mak...

7.5CVSS5.5AI score0.00551EPSS
Exploits1References7Affected Software2
CVE
CVE
added 2026/04/06 3:6 p.m.21 views

CVE-2026-34148

CVE-2026-34148 – Fedify resource exhaustion via unbounded redirects . Affected: @fedify/fedify (Fedify) before versions 1.9.6, 1.10.5, 2.0.8, 2.1.1. Description in connected docs confirms that the remote and authenticated document loaders recursively follow HTTP 3xx redirects without a maximum re...

7.5CVSS6AI score0.00551EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/12/27 2:15 p.m.17 views

CVE-2024-53179

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses-authkey.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifsmount dfsmountshare getsession...

7.8CVSS0.00245EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/06/04 10:58 a.m.5 views

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

7.3CVSS5.8AI score0.00778EPSS
Exploits0References7
OSV
OSV
added 2023/04/26 9:30 p.m.3 views

GHSA-F737-3FH6-JF6W Prototype Pollution in vConsole

vConsole was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts...

9.8CVSS5.9AI score0.00965EPSS
Exploits1References6
Rows per page
Query Builder