4 matches found
PYSEC-2025-183
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library; admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement...
DEBIAN-CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library; admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement...
Security Bulletin: TLS padding vulnerability affects Communications Server for Data Center Deployment, Communications Server for AIX, Communications Server for Linux, and Communications Server for Linux on System z (CVE-2014-8730)
Summary: Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects Communications Server for Data Center Deployment, Communications Server for AIX, Communications Server for Linux, and Communications Server for Linux on Syste...
GSA Bounty: Redirect on authorization allows account compromise
Login.gov had a bug in validating the redirect_uri in the /openid_connect/authorize endpoint, which allowed specially crafted subdomains to be incorrectly validated when they began with a valid hostname. For example, a redirect_uri with a hostname of agency.gov.example.com would validate a URL as if...