CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/06/09 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed ...

4.3CVSS5.4AI score0.00206EPSS

OSV•added 2026/06/08 10:59 p.m.•13 views

GHSA-CMM3-54F8-PX4J Netty's Default QUIC token handler accepts any client-supplied token

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

7.5CVSS5.4AI score0.00171EPSS

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

PT-2026-47566

7.5CVSS5.4AI score

Github Security Blog•added 2026/05/27 9:3 p.m.•15 views

Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Description OidcTokenHandler is Symfony's built-in access-token handler for OpenID Connect: it validates a bearer JWT and returns the authenticated user identity. It delegates claim validation to the web-token/jwt-checker library's ClaimCheckerManager. OidcTokenHandler::verifyClaims registers...

5.8AI score0.0005EPSS

Exploits0References6Affected Software2

RedhatCVE•added 2026/04/27 7:23 p.m.•2 views

CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

6.3CVSS5.2AI score0.00338EPSS

Exploits0References1

NVD•added 2026/04/26 4:16 a.m.•5 views

CVE-2026-7018

6.3CVSS0.00338EPSS

Exploits0References8

EUVD•added 2026/04/26 3:30 a.m.•5 views

EUVD-2026-25693

6.3CVSS5.3AI score0.00338EPSS

Exploits0References8

RedhatCVE•added 2026/04/07 5:12 a.m.•4 views

CVE-2026-5622

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

EUVD•added 2026/04/06 6:30 a.m.•4 views

Exploits0References1

EUVD-2026-19172

NVD•added 2026/04/06 5:16 a.m.•5 views

CVE-2026-5622

6.3CVSS0.00255EPSS

Cvelist•added 2026/04/06 4:30 a.m.•30 views

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

6.3CVSS0.00255EPSS

ATTACKERKB•added 2026/04/06 4:30 a.m.•4 views

CVE-2026-5622

Exploits0References4Affected Software1

Vulnrichment•added 2026/04/06 4:30 a.m.•3 views

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

Positive Technologies•added 2026/04/06 12:0 a.m.•6 views

PT-2026-30565

CNNVD•added 2026/04/06 12:0 a.m.•6 views

Huly Platform 安全漏洞

Huly Platform is an integrated project management platform developed by Huly in open source. Version 0.7.382 of Huly Platform contains a security vulnerability, which stems from the use of a hardcoded secret key in the SERVERSECRET parameter of the JWT Token Handler component...

6.3CVSS5.8AI score0.00255EPSS