Lucene search
K

10 matches found

GithubExploit
GithubExploit
added 2026/04/14 5:17 a.m.97 views

avsig

⚡ AVSIG JWT Inspector & Security Auditor - decode, anal...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/16 12:4 p.m.9 views

CVE-2026-25783

CVE-2026-25783 affects Mattermost versions 11.3.x up to 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated attacker can trigger a request panic by sending specially crafted User-Agent header, due to improper validation of User-Agent header tokens. The CVSS score is 4.3 (Med...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/30 4:56 p.m.3 views

CLEANSTART-2025-ZR62045 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the clickhouse-operator package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

9.8CVSS5.2AI score0.00804EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2025/05/13 5:18 p.m.5 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
Veracode
Veracode
added 2025/04/25 10:37 a.m.13 views

Denial Of Service (DoS)

github.com/traefik/traefik is vulnerable to Denial Of Service DoS. The vulnerability is due to improper input validation and insufficient handling of malformed tokens during parsing, allows the attacker to exploit the system by sending a crafted token that triggers excessive memory consumption...

7.5CVSS6.7AI score0.00804EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2025/04/03 1:38 p.m.4 views

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...

7.5CVSS7.1AI score0.00804EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/27 1:12 a.m.7 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.2 views

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from unexpected memory consumption when parsing malicious malformed tokens...

7.5CVSS6.3AI score0.00804EPSS
Exploits0References5
OSV
OSV
added 2025/02/24 11:15 p.m.2 views

DEBIAN-CVE-2025-27144

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/24 10:49 p.m.25 views

DoS in go-jose Parsing

Impact When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could...

8.7CVSS7.1AI score0.00369EPSS
Exploits0References7Affected Software3
Rows per page
Query Builder