Lucene search
K

274 matches found

Cvelist
Cvelist
added 2026/07/07 1:5 p.m.33 views

CVE-2026-44938 Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent

A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml or BundleDeployment.spec.options.namespaceLabels when applying them to the target namespace. An attacker with git push access to a Fleet-monitored...

8.8CVSS0.00508EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Thunderbird

Thunderbird versions prior to 91.3.0 are vulnerable to a heap overflow vulnerability described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA ...

9.8CVSS8.4AI score0.00469EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in nss, Thunderbird

Versions of NSS Network Security Services prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to handle signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be affected. Applications that...

9.8CVSS7.1AI score0.17563EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 7:41 a.m.3 views

CVE-2026-33996

A flaw was found in LibJWT, a C JSON Web Token Library. When parsing JSON Web Key JWK files for RSA-PSS, the library did not correctly handle cases where NULL values were encountered instead of expected string values. An attacker could exploit this vulnerability by providing a specially crafted J...

5.9CVSS5.8AI score0.0015EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value whe...

5.8CVSS6.1AI score0.0015EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 11:17 p.m.4 views

DEBIAN-CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.5CVSS5.4AI score0.0015EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 11:17 p.m.4 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS0.0015EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/27 11:17 p.m.4 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.8AI score0.0015EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 11:17 p.m.12 views

UBUNTU-CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.8AI score0.0015EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 10:21 p.m.5 views

CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.0015EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/27 10:21 p.m.4 views

EUVD-2026-16899

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.0015EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 10:21 p.m.2 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.0015EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/27 10:21 p.m.2 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.0015EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/27 10:21 p.m.3 views

CVE-2026-33996

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.4AI score0.0015EPSS
Exploits0
CVE
CVE
added 2026/03/27 10:21 p.m.17 views

CVE-2026-33996

LibJWT (C, the JSON Web Token library) versions prior to 3.3.0 are affected by a NULL value handling bug in JWK parsing for RSA-PSS. In 3.0.0–3.2.x, the parser could misinterpret integers where strings were expected, potentially enabling malformed JWKs to affect parsing. The issue was fixed in 3....

5.8CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 10:21 p.m.8 views

CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS5.9AI score0.0015EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.13 views

libjwt 代码问题漏洞

LibJWT is a C-language library developed by Ben Collins, designed for generating and verifying JSON Web Tokens. Versions of LibJWT from 3.0.0 to 3.3.0 contained code vulnerabilities. These vulnerabilities stemmed from RSA-PSS’s JWK parsing mechanism, which did not properly handle empty values,...

5.8CVSS5.9AI score0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.8 views

PT-2026-28589

Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.2.9 Description LibJWT, a C JSON Web Token Library, has an issue in the RSA-PSS JWK parsing functionality. Versions prior to 3.3.0 do not adequately validate JSON string values, specifically failing to protect...

5.8CVSS5.8AI score0.0015EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.9 views

CVE-2025-51626

SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancelorder.php endpoint...

6.5CVSS8.1AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 9:16 p.m.3 views

CVE-2025-51626

SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancelorder.php endpoint...

6.5CVSS5.8AI score0.00215EPSS
Exploits0References2
Rows per page
Query Builder