CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

RedhatCVE•added 2026/06/04 10:17 p.m.•6 views

CVE-2026-48524

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. A remote attacker can exploit this vulnerability by sending specially crafted JWTs with unknown 'kid' key ID values. This can force the PyJWKClient.getsigningkey function to make an unlimited number of unrate-limit...

5.9CVSS5.7AI score0.00057EPSS

Exploits0References4

Snyk•added 2026/05/28 4:50 p.m.•7 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the uri parameter being passed directly to urllib.request.urlopen, which allows fetching resources using unsupported schemes such as file, ftp, and data. An attacker can access...

4.2CVSS5.9AI score0.00034EPSS

Exploits1References2

PyPA•added 2026/05/28 4:16 p.m.•8 views

PYSEC-2026-177

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00057EPSS

Exploits0References1Affected Software1

Debian CVE•added 2026/05/28 3:10 p.m.•10 views

CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS

Exploits1

Veracode•added 2026/05/16 5:26 a.m.•9 views

Server-Side Request Forgery (SSRF)

github.com/centrifugal/centrifug is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of dynamic JWKS endpoint template variables, which allows an unauthenticated attacker to craft a malicious JWT with manipulated iss or aud claims to force Centrifugo t...

9.3CVSS6.4AI score0.00109EPSS

Exploits1References2Affected Software1

Veracode•added 2026/05/15 10:15 a.m.•9 views

Authentication Bypass

Unity Catalog is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim in JWT tokens, where the token exchange endpoint dynamically fetches JWKS data based on attacker-controlled issuer values without verifying trusted identity providers, allowing...

9.1CVSS5.8AI score0.0003EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/09 8:16 p.m.•8 views

CVE-2026-42576

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

6.5CVSS0.00038EPSS

Exploits0References3

CVE•added 2026/05/09 7:26 p.m.•6 views

CVE-2026-42576

CVE-2026-42576 affects chainguard/apko. Before v1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *rsa.PublicKey without key-type checks. If a repository JWKS endpoint returns a non-RSA key (e.g., EC), an unchecked type assertion panics, crashing apko ...

6.5CVSS5.7AI score0.00038EPSS

Exploits0References3

EUVD•added 2026/05/09 7:26 p.m.•6 views

EUVD-2026-28934

6.5CVSS5.7AI score0.00038EPSS

Exploits0References3

CNNVD•added 2026/05/09 12:0 a.m.•5 views

apko 代码问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had code vulnerabilities. These vulnerabilities stemmed from DiscoverKeys’ unconditional assertion of JWKS key types as rsa.PublicKey without checking the key type. This could lead to panic and crashes due to...

6.5CVSS5.9AI score0.00038EPSS

Exploits0References1

Snyk•added 2026/05/04 9:25 p.m.•4 views

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the DiscoverKeys process. An attacker can cause the application to crash by providing a non-RSA key such as an EC key from a repository JWKS endpoint, which triggers a panic due to an unchecked type...

7.1CVSS5.8AI score0.00038EPSS

Exploits0References2

Cvelist•added 2026/04/21 9:9 p.m.•26 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00057EPSS

Exploits0References3

Snyk•added 2026/04/15 7:19 p.m.•6 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...

6.3CVSS5.8AI score0.00057EPSS

Exploits0References2

Snyk•added 2026/03/13 8:3 p.m.•2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00109EPSS

Exploits1References2

Snyk•added 2026/03/13 8:3 p.m.•1 views

Server-side Request Forgery (SSRF)

9.3CVSS5.9AI score0.00109EPSS

Exploits1References2

Snyk•added 2026/03/13 8:3 p.m.•2 views

Server-side Request Forgery (SSRF)

9.3CVSS5.9AI score0.00109EPSS

Exploits1References2

Snyk•added 2026/03/13 8:3 p.m.•2 views

Server-side Request Forgery (SSRF)