CVE-2026-44459

CVE-2026-44459 (Hono) concerns improper validation of JWT NumericDate claims (exp, nbf, iat) in hono/utils/jwt prior to 4.12.18. The vulnerability allows tokens with non-spec-compliant claim values to silently bypass time-based checks when verify() processes malformed claims (not exploitable by a...

CVE-2026-44459 Hono: Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

DEBIAN-CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

GHSA-H395-GR6Q-CPJC jsonwebtoken has Type Confusion that leads to potential authorization bypass

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...

Fedora 20 : e2fsprogs-1.42.12-2.fc20 (2015-2279)

Changes e2fsck.conf so that for filesystems with time-based check intervals set in the superblock, these time-based checks will work again. You may need to wait through an e2fsck on your next reboot in this case. New upstream release Security fix for CVE-2015-0247 Note that Tenable Network Securi...