Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/07/01 3:33 a.m.35 views

CVE-2026-7829 UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

7.2CVSS0.00571EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/22 10:45 a.m.9 views

Resource Exhaustion

joserfc is vulnerable to Resource Exhaustion. The vulnerability is due to missing payload size validation for RFC7797 b64=false JWS payloads, where oversized payloads bypass the configured maximum payload length check, and attackers can exploit it by submitting large JWS tokens that consume...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/11/18 11:25 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExceededSizeError exception. An attacker can cause excessive memory consumption and potentially disrupt service availability by sending arbitrarily large JWT tokens in HTTP...

9.2CVSS6.8AI score0.00329EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-61920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JOSE implementation accepts unbounded JWS/JWT heade...

7.5CVSS7.1AI score0.00596EPSS
Exploits1References2
OSV
OSV
added 2025/10/10 7:25 p.m.3 views

CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...

7.5CVSS6.7AI score0.00596EPSS
Exploits1References5
Rows per page
Query Builder