5 matches found

RedhatCVE
added 2026/02/25 6:44 p.m., 5 views

CVE-2026-25554

A flaw was found in OpenSIPS. The auth_jwt module, when configured with db_mode and a SQL database backend, contains a SQL injection vulnerability in the jwt_db_authorize function. This function extracts the tag claim from a JSON Web Token (JWT) without verifying its signature and directly incorporates...

CVSS 8.3 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 8

ATTACKERKB
added 2026/02/25 4:54 p.m., 4 views

CVE-2026-25554

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS 8.3 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2026/02/25 4:54 p.m., 23 views

CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS 8.3 | EPSS 0.00318
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/25 12:0 a.m., 9 views

PT-2026-21965

Name of the Vulnerable Software and Affected Versions: OpenSIPS versions 3.1 through 3.6.3. Description: The software contains a SQL injection issue within the jwt_db_authorize function in the auth_jwt module when a SQL database backend is used and db_mode is enabled. The function incorporates a tag...

CVSS 8.3 | AI score 6 | EPSS 0.00318
Exploits: 0 | References: 11

Patchstack
added 2024/09/30 12:0 a.m., 15 views

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.12; Fixed in: 2.8.13; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47377; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9418faef5fbf; Credits: SOPROBRO; Required privilege: Editor...

CVSS 5.9 | AI score 6.5 | EPSS 0.00254
Exploits: 0 | References: 2 | Affected Software: 1