
4 matches found

CNNVD
added 2026/03/04 12:0 a.m., 10 views

pac4j-jwt data forgery vulnerability

pac4j-jwt is an open-source JWT authentication module developed by pac4j. Versions of pac4j-jwt prior to 4.5.9, 5.7.9, and 6.3.3 contained a data manipulation vulnerability. This vulnerability stems from the JwtAuthenticator’s inability to properly handle encrypted JWTs, leading to an...

CVSS 9.3, AI score 6.7, EPSS 0.05856
Exploits: 17, References: 3
SUSE CVE
added 2025/05/29 2:12 a.m., 2 views

SUSE CVE-2025-5025

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

CVSS 6.5, AI score 6.8, EPSS 0.00241
Exploits: 2, References: 6
SUSE CVE
added 2023/02/15 5:10 a.m., 5 views

SUSE CVE-2015-8960

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server...

CVSS 8.1, AI score 6.6, EPSS 0.01947
Exploits: 1, References: 3
Broadcom
added 2018/06/21 12:0 a.m., 8 views

BSA-2018-620

Security Advisory ID: BSA-2018-620. Component: TLS. Revision: 2.0. The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations...

CVSS 8.1, AI score 6.6, EPSS 0.01947
Exploits: 1