jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression
A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...
CLEANSTART-2026-HX94762 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing
Multiple security vulnerabilities affect the prometheus-operator package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...
EUVD-2024-26380
In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
Fulcio allocates excessive memory during token parsing
Function identity.extractIssuerURL currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an invalid OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs...
Can Transformer Memory Be Corrupted? Investigating Cache-Side Vulnerabilities in Large Language Models
Even when prompts and parameters are secured, transformer language models remain vulnerable because their key-value (KV) cache during inference constitutes an overlooked attack surface. This paper introduces Malicious Token Injection (MTI), a modular framework that systematically perturbs cached key...
EUVD-2018-12898
Malware in sbrugna...
EUVD-2025-28077
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-22868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) Note that Nessus relies on the...
CVE-2025-22868
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
Go JOSE Security Vulnerability
Go JOSE is an open source implementation of the JOSE standard in Go. A security vulnerability exists in Go JOSE versions 4.x up to and including 4.0.5, which stems from excessive memory consumption. An attacker exploiting this vulnerability could cause a denial of service by sending a...
python-jwcrypto: malicious JWE token can cause denial of service
An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service...
AZL-43360 CVE-2024-28102 affecting package python-jwcrypto 0.6.0-9
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
JWCrypto Security Vulnerability
JWCrypto is an open source implementation of the Javascript Object Signing and Encryption (JOSE) web standard. A security vulnerability exists in JWCrypto 1.5.5 and earlier versions, which stems from a vulnerability that allows an attacker to trigger a DoS attack by passing in a malicious J...
TribeRedeemer.reedem assets can be lost in case of malicious token
Lines of code Vulnerability details Impact The function redeemaddress to, uint256 amountIn to calculate the amount of redemption tokens in turn calls In case of a malicious token will always revert: contract BadBadERC20 is ERC20, ERC20Burnable constructor ERC20"BadToken", "BDT" function...
Non-standard/Malicious token transfers may cause loans not to be paid.
Lines of code Vulnerability details Impact Non-standard token transfers may cause loans not to be paid. Proof of Concept The TRSRY.sol has repayLoan function for the users to repay their loan as per the ERC20 token. The function is as below; function repayLoanERC20 token, uint256 amount external...