Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

124842 matches found

Github Security Blog
Github Security Blogadded 2026/05/28 5:37 p.m.17 views

compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

5.9AI score0.00061EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/05/28 5:37 p.m.8 views

GHSA-MJ4X-VF5C-5XG8 compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

6.9CVSS5.9AI score0.00061EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletinsadded 2026/05/28 5:27 p.m.9 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...

7.5CVSS5.7AI score0.0031EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blogadded 2026/05/28 5:2 p.m.6 views

Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability Summary The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Tenant administrators can...

9.1CVSS6AI score0.00625EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2026/05/28 5:2 p.m.4 views

GHSA-QJJM-7J9W-PW72 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability Summary The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Tenant administrators can...

8.2CVSS6AI score0.00625EPSS
Exploits1References4
Wired Threat Level
Wired Threat Leveladded 2026/05/28 4:59 p.m.9 views

The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are

The US military has long known that cheap fixes could stop location data from exposing its troops. It adopted almost none—and now says adversaries are using the data to target soldiers during a war...

5.8AI score
Exploits0
GithubExploit
GithubExploitadded 2026/05/28 4:54 p.m.55 views

project_hydra

Project HYDRA Automated vulnerability discovery & exploitat...

5.9AI score
Exploits0
Snyk
Snykadded 2026/05/28 4:50 p.m.6 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the jwt.decode or jwt.decodecomplete functions when used with a PyJWK key. An attacker can bypass algorithm restrictions and gain unauthorized access to protected resources by signing...

5.4CVSS5.8AI score0.0011EPSS
Exploits1References2
Snyk
Snykadded 2026/05/28 4:50 p.m.7 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the uri parameter being passed directly to urllib.request.urlopen, which allows fetching resources using unsupported schemes such as file, ftp, and data. An attacker can access...

4.2CVSS5.9AI score0.00148EPSS
Exploits1References2
Snyk
Snykadded 2026/05/28 4:50 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication when decoding JSON Web Tokens. An attacker can forge valid tokens by supplying a public key as the secret for the HMAC algorithm when both asymmetric and HMAC algorithms are supported. PoC python from jwt.apijws...

8.8CVSS5.8AI score0.00148EPSS
Exploits1References2
GithubExploit
GithubExploitadded 2026/05/28 4:24 p.m.61 views

WireDown

WireDown Autonomous AI-Driven Honeypot in a Zero-Gravity Physi...

10CVSS7.5AI score0.85974EPSS
Exploits39
PyPA
PyPAadded 2026/05/28 4:16 p.m.8 views

PYSEC-2026-176

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.0011EPSS
Exploits1References1Affected Software1
PyPA
PyPAadded 2026/05/28 4:16 p.m.8 views

PYSEC-0000-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.0011EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2026/05/28 4:16 p.m.12 views

CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS0.0011EPSS
Exploits1References1
OSV
OSVadded 2026/05/28 4:16 p.m.4 views

DEBIAN-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.0011EPSS
Exploits1References1
OSV
OSVadded 2026/05/28 4:16 p.m.3 views

PYSEC-2026-176

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.0011EPSS
Exploits1References1
NVD
NVDadded 2026/05/28 4:16 p.m.17 views

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS0.00148EPSS
Exploits1References1
PyPA
PyPAadded 2026/05/28 4:16 p.m.9 views

PYSEC-2026-179

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00148EPSS
Exploits1References1Affected Software1
PyPA
PyPAadded 2026/05/28 4:16 p.m.8 views

PYSEC-0000-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00148EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2026/05/28 4:16 p.m.3 views

PYSEC-2026-179

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00148EPSS
Exploits1References1
Rows per page
Query Builder