Lucene search
+L

6 matches found

Cvelist
Cvelist
added yesterday6 views

CVE-2026-49852 joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. Prior to 1.6.8, joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None, because HMACAlgorithm.sign...

8.7CVSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55459

Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.7 and earlier Description An authentication bypass exists when the verification key provided to joserfc.jwt.decode is an empty string or None. This occurs because the HMACAlgorithm.verify and HMACAlgorithm.sign functions...

8.7CVSS6AI score
Exploits0References15
CVE
CVE
added 2026/02/26 2:58 p.m.33 views

CVE-2026-26077

CVE-2026-26077 – Discourse webhook authentication bypass . Affects Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, where several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token whe...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-3021

Malicious code in bioql PyPI...

5.5CVSS7.1AI score0.00324EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2024/12/05 8:12 p.m.9 views

CVE-2024-53846

A regression flaw was introduced into Erlang OTP's SSL application. This issue results in a server or client verifying the peer when incorrect extended key usage is presented. For example, a server will verify if a client has server auth ext key usage and vice versa...

5.5CVSS6.8AI score0.00251EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.5 views

Nokia ASIK AirScale 5G Common System Module 安全漏洞

The Nokia ASIK AirScale 5G Common System Module is a common system unit from Nokia, Finland. A security vulnerability exists in Nokia ASIK AirScale 5G Common System Module versions 474021A.101 and 474021A.102, which arises from its boot loader loading a public key used for firmware verification...

8.4CVSS7.3AI score0.0022EPSS
Exploits0References3
Rows per page
Query Builder