Lucene search
K

5 matches found

OSV
OSV
added 2026/04/23 8:47 a.m.3 views

BIT-OAUTH2-PROXY-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS5.7AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2026/04/15 7:23 p.m.4 views

GHSA-C5C4-8R6X-56W3 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

Impact An authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and satisfy an allowed domain check for company.com, even though the claim is not a valid email...

6.8CVSS5.8AI score0.00209EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 10:15 p.m.4 views

DEBIAN-CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

7.5CVSS5.5AI score0.00443EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/04 9:31 p.m.3 views

CVE-2026-25537 jsonwebtoken has Type Confusion that leads to potential authorization bypass

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

6.9CVSS5.4AI score0.00443EPSS
Exploits1References2
CVE
CVE
added 2026/02/04 9:31 p.m.54 views

CVE-2026-25537

CVE-2026-25537 concerns a type-confusion in the jsonwebtoken crate (Rust) prior to 10.3.0, where malformed standard claims may be treated as not present, bypassing time-based checks. Connected Fedora advisories indicate vaultwarden (Bitwarden-compatible server) updates to 1.36.0 address multiple ...

7.5CVSS5.4AI score0.00443EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder