CWE-345

Insufficient Verification of Data Authenticity

109 CVEs, average CVSS 6.7 (MITRE)

Severity breakdown: 13 Critical, 38 High, 47 Medium, 11 Low
Public PoC available: 20
In CISA KEV: 0

CVE-2026-45069 PHP MEDIUM PATCH GHSA This Month

Symfony's OidcTokenHandler accepts bearer JWTs that omit the audience (aud), issuer (iss), and expiry (exp) claims, bypassing critical security constraints enforced by OpenID Connect. Applications using symfony/security-http's OIDC access-token authentication are exposed to authentication bypass: an attacker presenting a validly-signed JWT that simply lacks these claims will be authenticated without audience binding, issuer verification, or expiry enforcement. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the patch is available and upgrade is strongly recommended for any application using Symfony's built-in OIDC handler.

Information Disclosure
NVD GitHub
CVE-2026-3012 HIGH This Week

Trust-store poisoning in Samba's certificate auto-enrollment lets an adjacent-network attacker install an attacker-controlled CA certificate when auto-enrollment is enabled. Because Samba retrieves the CA certificate over plaintext HTTP and adds it to the local trust store without verifying its authenticity, a man-in-the-middle can have a rogue CA trusted system-wide, enabling interception or spoofing of otherwise trusted TLS communications. The issue carries CVSS 8.0 with high confidentiality and integrity impact and a changed scope; EPSS is 0.00% and no public exploit has been identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1: 8.0 | EPSS: 0.0%
CVE-2026-46654 Cargo HIGH PATCH GHSA This Week

Transcript malleability in the Plonky3 zero-knowledge proof framework's MultiField32Challenger allows a malicious prover to construct distinct Fiat-Shamir transcripts that collapse to identical challenges, undermining the soundness of proofs generated with the p3-challenger Rust crate. The flaw stems from three independent issues in the sponge construction - non-injective absorption, non-injective squeezing, and silent high-bit truncation on large prime fields such as BN254 - and impacts every consumer of versions prior to 0.4.3 and 0.5.0-0.5.2. No public exploit identified at time of analysis, but the cryptographic break is described in detail in the upstream GHSA-vj64-rjf3-w3v7 advisory.

Code Injection
NVD GitHub
CVE-2026-46539 Cargo MEDIUM PATCH GHSA This Month

Cryptographic verification bypass in the nimiq-primitives Rust crate allows remote unauthenticated attackers to forge MacroBlock headers and have them accepted as proven without any hash or signature check. The flaw exists in `BlockInclusionProof::is_block_proven` within core-rs-albatross <= 0.2.0 of nimiq-primitives: when the interlink hop list is empty - a condition that arises legitimately at a specific epoch boundary - the function previously returned true unconditionally rather than verifying the election head actually references the target block. No public exploit identified at time of analysis; vendor-released patch is available as core-rs-albatross v1.4.0.

Information Disclosure
NVD GitHub
CVSS 3.1: 5.9
CVE-2026-45792 Cargo MEDIUM PATCH GHSA This Month

Silent output manipulation in RTK (Rust Token Killer) prior to v0.32.0 allows an attacker who can place a file in a repository to intercept and alter all shell command output before it reaches an LLM during AI-assisted development. The root cause is that RTK unconditionally loaded `.rtk/filters.toml` from the current working directory with highest priority and no user notification, enabling regex-based suppression or rewriting of file contents, diffs, and security scan results. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the attack surface - repository-committed config files silently hijacking LLM context - is particularly relevant to AI-assisted development pipelines where developers may not scrutinize every checked-in config.

Information Disclosure
NVD GitHub
CVE-2026-25602 MEDIUM This Month

Mesalvo Meona's Client Launcher and Server components fail to verify data authenticity (CWE-345), enabling a locally authenticated low-privileged user to send email messages to arbitrary recipients. Both the Client Launcher Component through version 19.06.2020 15:11:49 and the Server Component through version 2025.04 5+323020 are affected per NVD CPE data. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog, but the integrity and information disclosure impact could enable internal email abuse or phishing pivots from a compromised endpoint.

Information Disclosure
NVD
CVSS 3.1: 4.4 | EPSS: 0.0%
CVE-2026-44999 npm MEDIUM PATCH This Month

OpenClaw before version 2026.4.20 fails to preserve untrusted labels on webhook-triggered cron agent output, allowing events to be recorded as trusted system events instead of untrusted events. This trust-labeling issue can strengthen prompt-injection attacks by rendering attacker-controlled webhook data as legitimate system events, though it does not directly bypass authentication, tool policy, or sandboxing controls.

Code Injection
NVD GitHub VulDB
CVSS 4.0: 6.3 | EPSS: 0.0%
CVE-2026-44308 Maven MEDIUM PATCH GHSA This Month

Spring Cloud AWS SNS HTTP/HTTPS endpoint handlers (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) in versions 3.0.0-3.4.2, 4.0.0, and 4.0.1 fail to verify the cryptographic signature of incoming SNS messages, allowing unauthenticated attackers who know the endpoint URL to send forged SNS notifications, subscription confirmations, or unsubscribe requests. This enables attackers to trigger arbitrary message processing, auto-confirm malicious topic subscriptions, or force unsubscription from legitimate topics. Fixed in Spring Cloud AWS 4.0.2 with signature verification enabled by default; the 3.x line receives no patch and must rely on workarounds.

Java Information Disclosure
NVD GitHub
CVSS 4.0: 6.3 | EPSS: 0.1%
CVE-2026-31835 MEDIUM PATCH This Month

Vaultwarden versions 1.35.4 and earlier allow authenticated attackers to permanently disable WebAuthn two-factor authentication for user credentials by exploiting a logic flaw in the `validate_webauthn_login()` function that updates backup eligibility flags before validating the WebAuthn signature. An attacker with knowledge of a user's password can modify these persistent flags even when providing an invalid WebAuthn signature, causing signature verification to fail without rolling back the database changes, resulting in denial of service of the 2FA mechanism for affected credentials. The vulnerability has been patched in version 1.35.5.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0: 5.3 | EPSS: 0.0%
CVE-2026-41164 Go MEDIUM PATCH This Month

JWT type confusion in the Nuts Node v1 access token introspection endpoint allows authenticated attackers to replay Verifiable Presentation (VP) JWTs as access tokens, receiving active:true responses without proper validation of JWT type, issuer-to-key binding, or required claims. Exploitation requires prior receipt of a VP JWT during a legitimate protocol flow and has low attack complexity due to lenient JWT processing, though real-world impact is constrained by resource servers requiring valid service, iss, and aud fields for routing. Confirmed patched in v5.4.31 and v6.2.3.

Information Disclosure
NVD GitHub
CVSS 3.1: 4.4 | EPSS: 0.0%