Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

34 matches found

NVD
NVDadded 2026/05/13 4:16 p.m.6 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS0.00021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/13 3:2 p.m.1 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS5.8AI score0.00021EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blogadded 2026/05/09 12:45 a.m.3 views

Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...

3.8CVSS5.8AI score0.00021EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/05/09 12:45 a.m.1 views

GHSA-HM8Q-7F3Q-5F36 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...

3.8CVSS5.8AI score0.00021EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/21 9:9 p.m.1 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.8AI score0.00057EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/21 9:9 p.m.25 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00057EPSS
Exploits0References3
NVD
NVDadded 2026/03/25 4:16 p.m.2 views

CVE-2026-20104

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...

6.1CVSS0.00054EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2026/02/05 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2026-25537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic...

7.5CVSS5.8AI score0.0004EPSS
Exploits1References3
NVD
NVDadded 2026/02/04 10:15 p.m.3 views

CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

7.5CVSS0.0004EPSS
Exploits1References2
UbuntuCve
UbuntuCveadded 2026/02/04 10:15 p.m.2 views

CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

7.5CVSS5.8AI score0.0004EPSS
Exploits1References3
OSV
OSVadded 2026/02/04 9:31 p.m.1 views

CVE-2026-25537 jsonwebtoken has Type Confusion that leads to potential authorization bypass

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

6.9CVSS5.4AI score0.0004EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/02/04 9:31 p.m.26 views

CVE-2026-25537 jsonwebtoken has Type Confusion that leads to potential authorization bypass

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

6.9CVSS0.0004EPSS
Exploits1References2
EUVD
EUVDadded 2026/02/04 9:31 p.m.4 views

EUVD-2026-5334

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

6.9CVSS5.4AI score0.0004EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/02/04 9:31 p.m.1 views

CVE-2026-25537 jsonwebtoken has Type Confusion that leads to potential authorization bypass

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

6.9CVSS5.4AI score0.0004EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2026/02/04 9:31 p.m.2 views

CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

7.5CVSS5.5AI score0.0004EPSS
Exploits1
CNNVD
CNNVDadded 2026/02/04 12:0 a.m.2 views

jsonwebtoken 安全漏洞

jsonwebtoken is an implementation of a JSON Web Token developed by Auth0 as open source. Versions of jsonwebtoken prior to 10.3.0 contained a security vulnerability. This vulnerability stemmed from a declaration verification logic that had type confusion issues, which could lead to bypassing...

7.5CVSS5.8AI score0.0004EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/02/03 6:47 p.m.5 views

jsonwebtoken has Type Confusion that leads to potential authorization bypass

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...

7.5CVSS5.8AI score0.0004EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/02/03 12:0 a.m.1 views

PT-2026-6316

Name of the Vulnerable Software and Affected Versions jsonwebtoken versions prior to 10.3.0 Description A Type Confusion issue exists in jsonwebtoken, specifically within its claim validation logic. When a standard claim, such as 'nbf' or 'exp', is provided with an incorrect JSON type like a Stri...

6.9CVSS5.5AI score0.0004EPSS
Exploits1References21
SUSE CVE
SUSE CVEadded 2025/12/08 12:23 a.m.1 views

SUSE CVE-2025-40281

In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctptransportupdaterto syzbot reported a possible shift-out-of-bounds 1 Blamed commit added rtoalphamax and rtobetamax set to 1000. It is unclear if some sctp users are setting very...

6.4AI score0.00076EPSS
Exploits0References3
NVD
NVDadded 2025/10/16 9:15 a.m.2 views

CVE-2025-54499

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

3.7CVSS0.00033EPSS
Exploits0References1
Rows per page
Query Builder