Lucene search
+L

60 matches found

nvd
nvd
added 2026/06/24 1:16 p.m.9 views

CVE-2026-13140

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS0.00185EPSS
Exploits0References1
osv
osv
added 2026/06/09 3:16 p.m.10 views

MAL-2026-5342 Malicious code in kecak256 (npm)

kecak256 is a typosquat of the popular keccak256 package one c dropped that ships a credential-stealing payload executed automatically on install. The package spoofs the legitimate keccak256 project — author "Miguel Mota", matching description, README, and keywords — and includes a benign decoy...

6.2AI score
Exploits0References6
packetstormnews
packetstormnews
added 2026/04/20 12:0 a.m.23 views

AppleSEPKeyStore Stress Tester / Fuzzer

This code is not a fully functional exploit, but rather a concurrency stress test and race-condition trigger targeting the Apple Secure Enclave key management driver AppleSEPKeyStore...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/04/02 4:56 p.m.6 views

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References1
osv
osv
added 2026/03/31 11:9 p.m.6 views

GHSA-VM9R-H74P-HG97 jose vulnerable to untrusted JWK header key acceptance during signature verification

Impact A vulnerability in jose versions up to and including 0.3.5 could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could treat header-provided jwk as a verification candidat...

7.5CVSS5.9AI score0.0013EPSS
Exploits0References4
nvd
nvd
added 2026/03/31 4:16 p.m.6 views

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS0.0013EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/31 3:44 p.m.3 views

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/31 3:44 p.m.5 views

CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References2
euvd
euvd
added 2026/03/31 3:44 p.m.17 views

EUVD-2026-17498

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References2
cve
cve
added 2026/03/31 3:44 p.m.30 views

CVE-2026-34240

Summary : CVE-2026-34240 affects the JOSE JavaScript library. Prior to 0.3.5+1, an unauthenticated, remote attacker could forge valid JWS/JWT tokens by embedding an attacker-controlled public key in the JOSE header (jwk) and exploiting header-provided keys as verification candidates even if not p...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/03/31 3:44 p.m.8 views

CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/31 12:0 a.m.3 views

PT-2026-29287

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References3
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : nss-3.79.0-17.el9 (AXSA:2023-5231:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5231:02 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the...

8.8CVSS8.1AI score0.00817EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/11/13 12:0 a.m.6 views

IBM AIX和IBM VIOS 安全漏洞

IBM AIX and IBM VIOS are both products of the International Business Machines IBM Corporation.IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture.IBM VIOS is part of the PowerVm® Editions hardware feature set.IBM AIX is an open standards-based UNIX...

9CVSS6AI score0.00295EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.21 views

EUVD-2020-1477

Malware in sbrugna...

4.8CVSS4.9AI score0.00276EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-1358

Malware in sbrugna...

9.8CVSS9.4AI score0.017EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-6590

Malware in sbrugna...

2.7CVSS6.4AI score0.00484EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-24606

Malware in sbrugna...

5.5CVSS5.5AI score0.00279EPSS
Exploits0References2
cve
cve
added 2025/09/03 4:14 a.m.28 views

CVE-2025-9785

The CVE concerns PaperCut Print Deploy (NG/MF integration) where using self‑signed or private CA certificates, without proper trust store configuration, can allow man‑in‑the‑middle attacks between clients and the server. The documentation gap on SSL configuration is cited as a contributing factor...

7.7CVSS6.4AI score0.00106EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/03 4:14 a.m.12 views

CVE-2025-9785 Misconfigured certificate validation with self-signed certificates for Print Deploy

PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not...

7.7CVSS0.00106EPSS
Exploits0References1
Rows per page
Query Builder