Lucene search
K

91 matches found

CVE
CVE
added 2026/06/12 5:7 p.m.251 views

CVE-2026-48558

Summary of vulnerability (CVE-2026-48558) : SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...

10CVSS5.5AI score0.0116EPSS
In wildExploits1References5Affected Software1
NVD
NVD
added 2026/06/09 7:17 p.m.16 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 4:38 p.m.17 views

CVE-2026-45156 Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC

Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions...

8.1CVSS5.7AI score0.00329EPSS
Exploits1References3
CVE
CVE
added 2026/05/27 9:2 p.m.20 views

CVE-2026-44720

OpenLearnX (pre-2.0.4) has a critical authentication vulnerability where JWT signature verification is disabled, enabling an attacker to bypass authentication and take over user accounts. Impact is unauthorized access under specific conditions; the issue is fixed in 2.0.4. Remediation: upgrade to...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-38281

Name of the Vulnerable Software and Affected Versions azureauthextension versions 0.124.0 through 0.150.0 Description A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...

8.1CVSS5.8AI score0.00222EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.8 views

CVE-2026-33746

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS5.9AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 3:6 p.m.11 views

CVE-2026-33746

Convoy (KVM server management panel) is vulnerable in versions 3.9.0-beta through

9.8CVSS5.9AI score0.003EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/13 8:44 p.m.2 views

GHSA-Q926-C743-49QJ Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning

Summary Centrifugo supports a configuration flag insecureskiptokensignatureverify that completely disables JWT signature verification. When enabled, Centrifugo accepts any JWT token regardless of signature validity — including tokens signed with wrong keys, random signatures, or no signature at...

5.9AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : open-vm-tools-12.1.5-1.el9.3.ML.1 (AXSA:2023-6439:10)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6439:10 advisory. open-vm-tools: SAML token signature bypass CVE-2023-20900 Tenable has extracted the preceding description block directly from the MiracleLinux security...

7.5CVSS5.6AI score0.01193EPSS
Exploits0References2
OSV
OSV
added 2025/10/17 2:54 p.m.5 views

OESA-2025-2431 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

8.7CVSS6.9AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-3106

Malware in sbrugna...

5CVSS6.4AI score0.01762EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-1445

Malware in sbrugna...

9.1CVSS9.1AI score0.00793EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3429

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00583EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7158

Malicious code in bioql PyPI...

9.9CVSS9AI score0.00851EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2377

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.01335EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 8:47 p.m.5 views

CVE-2021-22160

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens JWT, the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user incl. admins...

9.8CVSS6.9AI score0.52926EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/19 6:22 p.m.17 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

8.7CVSS6.8AI score0.00384EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/08/14 12:0 a.m.38 views

RHEL 7 : open-vm-tools (RHSA-2024:5315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5315 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization...

7.5CVSS7.2AI score0.01193EPSS
Exploits0References4
OSV
OSV
added 2024/03/14 5:25 p.m.9 views

MGASA-2024-0058 Updated open-vm-tools packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. CVE-2023-20867 SAML token signature bypass. CVE-2023-34058 File descriptor hijack vulnerability in the vmware-user-suid-wrapper. CVE-2023-34059...

7.5CVSS6.3AI score0.13638EPSS
Exploits0References7
OSV
OSV
added 2024/03/07 2:2 p.m.6 views

SUSE-SU-2024:0806-1 Security update for google-oauth-java-client

This update for google-oauth-java-client fixes the following issues: - CVE-2021-22573: Fixed token signature not verified bsc1199188...

8.7CVSS8.7AI score0.00287EPSS
Exploits0References3
Rows per page
Query Builder