CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

CVE-2021-28902

In function readyincontainer in libyang extr is NULL. In some cases, it can be NULL, which leads to the operation of retval-extr-flags that results in a crash...