6 matches found
CVE-2026-49852 joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. Prior to 1.6.8, joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None, because HMACAlgorithm.sign...
PT-2026-55459
Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.7 and earlier Description An authentication bypass exists when the verification key provided to joserfc.jwt.decode is an empty string or None. This occurs because the HMACAlgorithm.verify and HMACAlgorithm.sign functions...
CVE-2026-26077
CVE-2026-26077 – Discourse webhook authentication bypass . Affects Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, where several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token whe...
EUVD-2024-3021
Malicious code in bioql PyPI...
CVE-2024-53846
A regression flaw was introduced into Erlang OTP's SSL application. This issue results in a server or client verifying the peer when incorrect extended key usage is presented. For example, a server will verify if a client has server auth ext key usage and vice versa...
Nokia ASIK AirScale 5G Common System Module 安全漏洞
The Nokia ASIK AirScale 5G Common System Module is a common system unit from Nokia, Finland. A security vulnerability exists in Nokia ASIK AirScale 5G Common System Module versions 474021A.101 and 474021A.102, which arises from its boot loader loading a public key used for firmware verification...