Lucene search
K

48 matches found

RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

7.4CVSS6AI score0.00394EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 6:22 a.m.5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by insufficient verification of data authenticity in PyJWT

Summary IBM Cloud Pak for Data System CPDS 1.0 uses the PyJWT library, a JSON Web Token implementation in Python. CVE-2026-32597 affects PyJWT's validation of the crit Critical Header Parameter as defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT do...

7.5CVSS5.4AI score0.00269EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/15 7:27 p.m.6 views

GHSA-JQ35-7PRP-9V3F PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

!NOTE Scored assuming a deployment where algorithm policy functions as an authentication/authorization boundary. In deployments where the algorithm policy enforces crypto agility only, the practical confidentiality impact is lower and the issue is closer to an integrity-of-policy-enforcement bug...

5.4CVSS5.5AI score0.00127EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.13 views

RockyLinux 10 : fence-agents (RLSA-2026:19138)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19138 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...

7.5CVSS6.6AI score0.0058EPSS
Exploits2References5
OSV
OSV
added 2026/05/30 6:3 p.m.20 views

RLSA-2026:19355 Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: cryptography: cryptography Subgroup Attack Due to Missing Subgroup...

7.5CVSS5.8AI score0.0058EPSS
Exploits2References4
Rockylinux
Rockylinux
added 2026/05/30 6:3 p.m.15 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...

8.2CVSS5.8AI score0.0058EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.18 views

SUSE CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00222EPSS
Exploits0References8
OSV
OSV
added 2026/05/29 4:3 p.m.14 views

RLSA-2026:19138 Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MU...

7.5CVSS6.7AI score0.0058EPSS
Exploits2References3
Rockylinux
Rockylinux
added 2026/05/29 4:3 p.m.20 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...

7.5CVSS5.8AI score0.0058EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-48525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option b64: false, RFC...

5.3CVSS6.1AI score0.00288EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.21 views

Linux Distros Unpatched Vulnerability : CVE-2026-48523

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or...

5.4CVSS6AI score0.00127EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-48522

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python...

4.2CVSS6.1AI score0.00181EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/05/28 4:50 p.m.6 views

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +749 more potentially affected by CVE-2026-48526 via pyjwt (>=2.0.0 <=2.12.1)

pyjwt PYPI version =2.0.0, =0.5.3, =0.0.1a0, =1.1.1, =0.1.0, =0.1.1, =0.1.31, =0.1.0, =1.5.0, =0.1.0, =0.2.9, =0.5.0, =1.89.5, =1.420.4 and more Source cves: CVE-2026-48526 Source advisory: SNYK:PYTHON-PYJWT-17053408...

7.4CVSS5.7AI score0.00394EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/28 4:16 p.m.8 views

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +1475 more potentially affected by CVE-2026-48522 via pyjwt (>=0.2.1 <=2.12.1)

pyjwt PYPI version =0.2.1, =0.5.3, =0.0.1a0, =0.1.1, =1.0.0, =2.0.0, =1.1.1, =0.8.44.4, =0.1.0, =0.1.1, =0.1.1, =0.1.5 - affo-user-service =1.0.4 and more Source cves: CVE-2026-48522 Source advisory: OSV:PYSEC-2026-175...

4.2CVSS5.7AI score0.00181EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/28 4:16 p.m.8 views

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +1475 more potentially affected by CVE-2026-48524 via pyjwt (>=0.2.1 <=2.12.1)

pyjwt PYPI version =0.2.1, =0.5.3, =0.0.1a0, =0.1.1, =1.0.0, =2.0.0, =1.1.1, =0.8.44.4, =0.1.0, =0.1.1, =0.1.1, =0.1.5 - affo-user-service =1.0.4 and more Source cves: CVE-2026-48524 Source advisory: OSV:PYSEC-2026-177...

3.7CVSS5.7AI score0.00222EPSS
Exploits0
OSV
OSV
added 2026/05/28 4:16 p.m.38 views

UBUNTU-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS6AI score0.00181EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/28 3:10 p.m.55 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS0.00127EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/27 10:13 p.m.17 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

8.2CVSS6.7AI score0.00341EPSS
Exploits1References3
Rockylinux
Rockylinux
added 2026/05/07 12:6 p.m.17 views

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...

7.5CVSS5.8AI score0.0058EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.7 views

RockyLinux 10 : fence-agents (RLSA-2026:13916)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13916 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...

7.5CVSS5.8AI score0.0058EPSS
Exploits2References5
Rows per page
Query Builder