Lucene search
+L

3321 matches found

Nuclei
Nuclei
added 9 hours ago85 views

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...

9.3CVSS5.3AI score0.01223EPSS
Exploits1References1
CVE
CVE
added yesterday27 views

CVE-2026-49852

Summary: CVE-2026-49852 affects the Python library joserfc. Prior to version 1.6.8, joserfc.jwt.decode can accept attacker-forged HS256/HS384/HS512 tokens if the verification key is empty or None, enabling potential authentication bypass when the configured secret resolves to an empty string. The...

8.7CVSS5.3AI score
Exploits0References3
OSV
OSV
added 2 days ago6 views

CVE-2026-45795 Janssen Project: JWE Request Object Signature Verification Bypass in jans-auth-server

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00159EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-45795

The Janssen Project's Jans-auth-server had a JWE request object signature verification bypass prior to version 2.0.0: unsigned JWE were accepted because JwtAuthorizationRequest skipped inner signature validation when jwe.getSignedJWTPayload() was null, and AuthzRequestService.processRequestObject...

5.3CVSS6.1AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago41 views

CVE-2026-48863 Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

7.5CVSS0.0081EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS0.00549EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-59955 Apollo ConfigService access key authentication bypass via raw config file appId parsing

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS0.00549EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-61436 PraisonAI before 4.6.78 Missing Webhook Signature Verification

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS0.0029EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago13 views

EUVD-2026-44642

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS6.2AI score0.0029EPSS
Exploits0References4
OSV
OSV
added 4 days ago6 views

JLSEC-2026-716 Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA...

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

9.3CVSS6.2AI score0.00468EPSS
Exploits1References4
NVD
NVD
added 4 days ago7 views

CVE-2026-47304

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 4 days ago29 views

CVE-2026-47212

Symfony’s Twilio Notifier Bridge contains a vulnerability in TwilioRequestParser::doParse() where the configured webhook secret is read but the X-Twilio-Signature verification is ignored, allowing unauthenticated POSTs to inject forged Twilio status payloads. Affected releases: Symfony before 6.4...

6.9CVSS6.1AI score0.00238EPSS
Exploits0References5Affected Software1
OSV
OSV
added 4 days ago6 views

UBUNTU-CVE-2026-47304

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS6.1AI score0.00201EPSS
Exploits0References6
OSV
OSV
added 5 days ago12 views

RLSA-2026:36215 Important: compat-openssl10 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: Heap...

8.1CVSS7AI score0.02719EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-60109

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References6
Fedora
Fedora
added 6 days ago10 views

[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
Snyk
Snyk
added 2026/07/11 2:34 p.m.9 views

User Impersonation

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/07/11 2:16 p.m.14 views

CVE-2026-61428

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/07/11 1:1 p.m.25 views

CVE-2026-61428

PraisonAI AgentMail is affected by CVE-2026-61428 in versions before 4.6.78, where webhook messages lack signature verification. This enables unauthenticated attackers to POST crafted message.received events to the webhook endpoint, injecting arbitrary content into the agent and triggering replie...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:58 p.m.8 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verifySignature process due to improper verification of cryptographic signatures when handling the return value of opensslverify. An attacker can gain unauthorized access and perfo...

8.8CVSS6.1AI score0.00022EPSS
Exploits0References2
Rows per page
Query Builder