CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

93 matches found

Github Security Blog•added 2026/05/27 9:3 p.m.•6 views

Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Description OidcTokenHandler is Symfony's built-in access-token handler for OpenID Connect: it validates a bearer JWT and returns the authenticated user identity. It delegates claim validation to the web-token/jwt-checker library's ClaimCheckerManager. OidcTokenHandler::verifyClaims registers...

5.8AI score

Exploits0References6Affected Software2

RedhatCVE•added 2026/04/27 7:23 p.m.•1 views

CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

6.3CVSS5.2AI score0.00023EPSS

Exploits0References1

NVD•added 2026/04/26 4:16 a.m.•2 views

CVE-2026-7018

6.3CVSS0.00023EPSS

Exploits0References8

EUVD•added 2026/04/26 3:30 a.m.•0 views

EUVD-2026-25693

6.3CVSS5.3AI score0.00023EPSS

Exploits0References8

RedhatCVE•added 2026/04/07 5:12 a.m.•1 views

CVE-2026-5622

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

6.3CVSS5.3AI score0.00038EPSS

Exploits0References1

EUVD•added 2026/04/06 6:30 a.m.•2 views

EUVD-2026-19172

6.3CVSS5.3AI score0.00038EPSS

Exploits0References4

NVD•added 2026/04/06 5:16 a.m.•3 views

CVE-2026-5622

6.3CVSS0.00038EPSS

Exploits0References3

ATTACKERKB•added 2026/04/06 4:30 a.m.•3 views

CVE-2026-5622

6.3CVSS5.3AI score0.00038EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/04/06 4:30 a.m.•2 views

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

6.3CVSS5.3AI score0.00038EPSS

Exploits0References3

Cvelist•added 2026/04/06 4:30 a.m.•27 views

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

6.3CVSS0.00038EPSS

Exploits0References3

CNNVD•added 2026/04/06 12:0 a.m.•3 views

Huly Platform 安全漏洞

Huly Platform is an integrated project management platform developed by Huly in open source. Version 0.7.382 of Huly Platform contains a security vulnerability, which stems from the use of a hardcoded secret key in the SERVERSECRET parameter of the JWT Token Handler component...

6.3CVSS5.8AI score0.00038EPSS

Exploits0References3

Positive Technologies•added 2026/04/06 12:0 a.m.•4 views

PT-2026-30565

6.3CVSS5.3AI score0.00038EPSS

Exploits0References4

NVD•added 2026/03/03 10:16 a.m.•3 views

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

6.3CVSS0.00024EPSS

Exploits1References4

ATTACKERKB•added 2026/03/03 9:32 a.m.•3 views

CVE-2025-15598

6.3CVSS5.3AI score0.00024EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/03/03 12:0 a.m.•3 views

Dataease SQLBot 数据伪造问题漏洞

Dataease SQLBot is a robot plugin developed by Dataease as open source. Versions of Dataease SQLBot 1.5.1 and earlier contained a data manipulation vulnerability. This vulnerability stemmed from improper verification of the encrypted signature for the validateEmbedded function in the JWT Token...

6.3CVSS5.8AI score0.00024EPSS

Exploits1References5

RedhatCVE•added 2026/02/10 7:33 a.m.•2 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

6.3CVSS5AI score0.00044EPSS

Exploits0References1

CVE•added 2026/02/09 4:32 a.m.•7 views

CVE-2026-2215

CVE-2026-2215 affects rachelos WeRSS we-mp-rss up to 1.4.8. The issue concerns improper handling in the JWT Handler’s core/auth.py where manipulating the SECRET_KEY can cause the system to fall back to a default cryptographic key. This enables remote exploitation under high complexity with a netw...

6.3CVSS4.7AI score0.00044EPSS

Exploits0References4

CNNVD•added 2026/02/09 12:0 a.m.•2 views

WeRSS 安全漏洞

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the SECRETKEY parameter in the core/auth.py file of the JWT Handler component, which could lead to the us...

6.3CVSS5.8AI score0.00044EPSS

Exploits0References5

Positive Technologies•added 2026/02/09 12:0 a.m.•2 views

PT-2026-7067

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET KEY results in use of default cryptographic key. The attack can be initiated...

6.3CVSS5AI score0.00044EPSS

Exploits0References5

RedhatCVE•added 2026/01/21 1:32 a.m.•6 views

CVE-2026-1203

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

8.1CVSS5.2AI score0.00087EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by