
8 matches found

ATTACKERKB
added 2026/03/03 10:48 p.m. · 2 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library...

CVSS 7.5 · AI score 6 · EPSS 0.00048
Exploits: 2 · References: 3 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-3143

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.8 · EPSS 0.00183
Exploits: 1 · References: 4
RedHat Linux
added 2024/10/14 6:7 p.m. · 4 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

CVSS 6.5 · AI score 7.1 · EPSS 0.00383
Exploits: 1 · References: 4
OSV
added 2024/07/19 9:32 a.m. · 0 views

GHSA-6PFF-FMH2-4MMF Apache CXF Denial of Service vulnerability in JOSE

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...

CVSS 6.9 · AI score 6.9 · EPSS 0.00258
Exploits: 0 · References: 6
Positive Technologies
added 2024/07/18 12:0 a.m. · 1 views

PT-2024-5228 · Atlassian +1 · Bitbucket Data Center/Server +2

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.5.9; Apache CXF versions prior to 3.6.4; Apache CXF versions prior to 4.0.5; Bitbucket Data Center and Server versions 8.9.0 through 8.9.18; Bitbucket Data Center and Server versions 8.18.0; Bitbucket Data Center and...

CVSS 7.8 · AI score 7.5 · EPSS 0.00258
Exploits: 0 · References: 19
Veracode
added 2024/03/01 4:45 a.m. · 16 views

Denial Of Service (DoS)

jose2go is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of input validation and handling for the "p2c" (PBES2 Count) parameter. This allows an attacker to provide a large "p2c" value, leading to a Denial of Service (DoS) CPU consumption vulnerability...

CVSS 7.5 · AI score 6.6 · EPSS 0.00054
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/12/03 12:0 a.m. · 1 views

PT-2023-8747 · Jose4J · Jose4J

Name of the Vulnerable Software and Affected Versions: jose4j versions prior to 0.9.4. Description: The issue is related to the improper implementation of the PBES2 algorithm in the jose4j component when handling the p2c parameter. This can allow a remote attacker to cause a denial of service due ...

CVSS 7.8 · AI score 6.7 · EPSS 0.00383
Exploits: 1 · References: 58
Positive Technologies
added 2023/12/03 12:0 a.m. · 1 views

PT-2023-7638 · Unknown · Lestrrat-Go/Jwx

Name of the Vulnerable Software and Affected Versions: lestrrat-go/jwx versions prior to 1.2.27; lestrrat-go/jwx versions prior to 2.0.18. Description: The issue is related to the JWE key management algorithms based on PBKDF2, which require a JOSE Header Parameter called p2c (PBES2 Count). This...

CVSS 5.3 · AI score 5.3 · EPSS 0.00183
Exploits: 1 · References: 12