123164 matches found
Exploit for Improper Authentication in Influxdata Influxdb
LAB 5-CVE-2019-20933 I. SYSTEM ANALYSIS Identify...
CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
CVE-2026-48523
PyJWT vulnerability affecting versions 2.9.0–2.12.1 where verifier-side algorithm allow-list bypass occurs when decoding with a PyJWK/PyJWKClient key. The token header’s alg is checked against the caller-supplied allow-list, but the signature is verified using the algorithm bound to the PyJWK obj...
CVE-2026-48523
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
EUVD-2026-32918
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
CVE-2026-48523
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
CVE-2026-48526 PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...
CVE-2026-48526
PyJWT (Python) prior to 2.13.0 did not validate the use of JSON Web Keys in HMAC verification, allowing an attacker to use the issuer public key as the HMAC secret during token verification. This could enable forging tokens when mixing RS/EC/JWK and HS algorithms. The issue is fixed in PyJWT 2.13...
EUVD-2026-32917
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...
CVE-2026-48526
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...
CVE-2026-48526
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...
CVE-2026-48526 PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...
Vulnerabilities in libxml2 (CVE-2026-0989 CVE-2026-0990 CVE-2026-0992) affect AIX
IBM SECURITY ADVISORY First Issued: Thu May 28 14:13:09 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory11.asc Security Bulletin: Vulnerabilities in libxml2 CVE-2026-0989, CVE-2026-0990, CVE-2026-0992,...
Multiple vulnerabilities in OpenSSH affect AIX
IBM SECURITY ADVISORY First Issued: Thu May 28 14:09:50 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory21.asc Security Bulletin: Multiple vulnerabilities in OpenSSH affect AIX...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp. CVE-2026-4867 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp. CVE-2026-4923, CVE-2026-4926 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple...
Exploit for CVE-2026-47100
CVE-2026-47100 — FunnelKit / Funnel Builder for WooCommerce Ch...
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.3 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extrem...