Skip to main content

Jwt Attack

507 CVEs product

Monthly

CVE-2024-8036 MEDIUM This Month

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.

Abb Jwt Attack Information Disclosure
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-48948 npm MEDIUM POC PATCH This Month

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-47943 CRITICAL Act Now

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8531 HIGH This Week

compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-9487 CRITICAL POC THREAT Act Now

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Denial Of Service Enterprise Server
NVD GitHub
CVSS 4.0
9.5
EPSS
22.4%
CVE-2024-48949 npm CRITICAL PATCH Act Now

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-47832 Go CRITICAL PATCH Act Now

ssoready is a single sign on provider implemented via docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Docker Ssoready
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-23960 MEDIUM This Month

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Ilx F509 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-7481 HIGH This Week

Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7479 HIGH This Week

Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8698 Maven HIGH POC PATCH This Week

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jwt Attack
NVD
CVSS 3.1
7.7
EPSS
2.0%
CVE-2024-7788 HIGH This Week

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice2 before < 24.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45607 npm MEDIUM PATCH This Month

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Whatsapp Api Js
NVD GitHub
CVSS 3.1
5.3
EPSS
14.1%
CVE-2024-45409 Ruby CRITICAL POC PATCH THREAT Act Now

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Ruby Saml Omniauth Saml Gitlab
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2024-6800 CRITICAL Act Now

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jwt Attack Enterprise Server
NVD GitHub
CVSS 4.0
9.5
EPSS
1.5%
CVE-2024-23460 HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23456 HIGH This Week

Anti-tampering can be disabled under certain conditions without signature validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Client Connector
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-42461 npm CRITICAL PATCH Act Now

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-42459 npm MEDIUM POC PATCH This Month

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41258 MEDIUM This Month

An issue was discovered in filestash v0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Filestash
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-41254 MEDIUM This Month

An issue was discovered in litestream v0.3.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Litestream
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-5912 MEDIUM This Month

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Paloalto
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-38069 HIGH PATCH This Week

Windows Enroll Engine Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.0).

Authentication Bypass Jwt Attack Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2024-20892 HIGH This Week

Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-37532 HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jwt Attack Information Disclosure Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-36277 MEDIUM This Month

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Google Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-21988 MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Storagegrid
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-37886 MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Nextcloud Information Disclosure User Oidc
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-37568 PyPI HIGH POC PATCH This Week

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Authlib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-2451 MEDIUM This Month

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via. Rated medium severity (CVSS 6.4). No vendor patch available.

Apple Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1721 MEDIUM This Month

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.1. Rated medium severity (CVSS 5.6). No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2024-27244 HIGH This Week

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft Workplace Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32962 npm CRITICAL PATCH Act Now

xml-crypto is an xml digital signature and encryption library for Node.js. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Jwt Attack Information Disclosure
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-23480 CRITICAL Act Now

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-27247 MEDIUM This Month

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Jwt Attack Zoom
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-24694 HIGH This Week

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft Zoom
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26194 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Jwt Attack Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-2307 MEDIUM This Month

A flaw was found in osbuild-composer. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-1150 MEDIUM This Month

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.3.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Snow Inventory Agent
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-1149 MEDIUM This Month

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack Information Disclosure Microsoft Snow Inventory Agent
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-21917 CRITICAL Act Now

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Rockwell Factorytalk Services Platform
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-21383 LOW PATCH Monitor

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2024-23680 Maven MEDIUM PATCH This Month

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Java Information Disclosure Aws Encryption Sdk
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-2030 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jwt Attack Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2016-20021 PyPI CRITICAL PATCH Act Now

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Portage
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-21669 PyPI CRITICAL POC PATCH Act Now

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure Aries Cloud Agent
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2022-3864 MEDIUM This Month

A vulnerability exists in the Relion update package signature validation. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Relion 650 Firmware Relion 670 Firmware Relion Sam600 Io Firmware
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2023-23436 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23435 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23433 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23432 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23431 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-50714 PHP HIGH POC PATCH This Week

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack CSRF Yii2 Authclient
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-49646 MEDIUM This Month

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Authentication Bypass Meeting Software Development Kit Video Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-41337 MEDIUM PATCH This Month

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Code Injection Jwt Attack H2O
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-49079 HIGH This Week

Misskey is an open source, decentralized social media platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Misskey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20568 MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft Radeon Rx Vega M Firmware Radeon Software +4
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20567 MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft Radeon Rx Vega M Firmware Radeon Software +4
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-47122 Go MEDIUM PATCH This Month

Gitsign is software for keyless Git signing using Sigstore. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Gitsign
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34058 HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass Open Vm Tools Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46234 npm HIGH PATCH This Week

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Browserify Sign Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28804 MEDIUM This Month

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.4.0.105. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Client Connector
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-46324 Go HIGH PATCH This Week

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-43611 HIGH This Week

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Jwt Attack Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +17
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42811 Cargo MEDIUM POC PATCH This Month

aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Aes Gcm Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42806 MEDIUM This Month

Hydra is the layer-two scalability solution for Cardano. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Hydra
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-20236 HIGH This Week

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Jwt Attack Information Disclosure Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20135 HIGH This Week

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Cisco Apple Jwt Attack Ios Xr
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-41764 MEDIUM PATCH This Month

Microsoft Office Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Microsoft 365 Apps Office +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-40727 HIGH This Week

A vulnerability has been identified in QMS Automotive (All versions < V12.39). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Qms Automotive
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41744 HIGH PATCH This Week

Local privilege escalation due to unrestricted loading of unsigned libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Apple Jwt Attack Agent Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28801 CRITICAL Act Now

An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.2 before 6.2r. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Zscaler Internet Access Admin Portal
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-36811 PyPI MEDIUM PATCH This Month

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. Rated medium severity (CVSS 4.7).

Information Disclosure Jwt Attack Borg
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-20266 HIGH This Week

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure Emergency Responder Unified Communications Manager +1
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-41037 npm MEDIUM POC PATCH This Month

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Openpgpjs
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-23773 HIGH This Week

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Ebts Base Radio Firmware Mbts Base Radio Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-23772 HIGH This Week

Motorola MBTS Site Controller fails to check firmware update authenticity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Mbts Site Controller Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-40178 npm MEDIUM PATCH This Month

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Node Saml
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39969 CRITICAL PATCH Act Now

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Uthenticode
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39211 HIGH This Week

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft Rooms Zoom
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38418 HIGH This Week

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Jwt Attack Access Policy Manager Clients Big Ip Access Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-3347 MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba Storage Enterprise Linux +1
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-33768 MEDIUM POC This Month

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Wemo Smart Plug Wsp080 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-35373 MEDIUM PATCH This Month

Mono Authenticode Validation Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Jwt Attack Mono
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-32449 HIGH PATCH This Week

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Dell Powerstoret Os
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-34120 HIGH This Week

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28602 HIGH This Week

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft Zoom
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-33959 Go HIGH PATCH This Week

notation is a CLI tool to sign and verify OCI artifacts and container images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Notation Go
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-34205 Go CRITICAL PATCH Act Now

In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Signedxml
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-33185 PyPI MEDIUM POC PATCH This Month

Django-SES is a drop-in mail backend for Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure Django Ses
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
EPSS 0% CVSS 4.6
MEDIUM This Month

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. Rated medium severity (CVSS 4.6). No vendor patch available.

Abb Jwt Attack Information Disclosure
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack
NVD
EPSS 0% CVSS 7.2
HIGH This Week

compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure
NVD
EPSS 22% CVSS 9.5
CRITICAL POC THREAT Act Now

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Denial Of Service Enterprise Server
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

ssoready is a single sign on provider implemented via docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Docker +1
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Ilx F509 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
EPSS 2% CVSS 7.7
HIGH POC PATCH This Week

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jwt Attack
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice2 before < 24.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
EPSS 14% CVSS 5.3
MEDIUM PATCH This Month

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Whatsapp Api Js
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Ruby Saml +2
NVD GitHub
EPSS 2% CVSS 9.5
CRITICAL Act Now

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jwt Attack Enterprise Server
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Anti-tampering can be disabled under certain conditions without signature validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Client Connector
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in filestash v0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Filestash
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in litestream v0.3.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Litestream
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Paloalto
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Enroll Engine Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.0).

Authentication Bypass Jwt Attack Microsoft +12
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Android
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jwt Attack Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Google Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Storagegrid
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Nextcloud Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Authlib
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via. Rated medium severity (CVSS 6.4). No vendor patch available.

Apple Jwt Attack Information Disclosure +1
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.1. Rated medium severity (CVSS 5.6). No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft +1
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

xml-crypto is an xml digital signature and encryption library for Node.js. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Jwt Attack Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Jwt Attack RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Jwt Attack +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Jwt Attack Windows 10 1507 +10
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A flaw was found in osbuild-composer. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.3.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Snow Inventory Agent
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack Information Disclosure +2
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Rockwell +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Information Disclosure Google +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Java Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jwt Attack Information Disclosure
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Portage
NVD
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 4.5
MEDIUM This Month

A vulnerability exists in the Relion update package signature validation. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Relion 650 Firmware +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack CSRF Yii2 Authclient
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Authentication Bypass +4
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Code Injection Jwt Attack H2O
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Misskey is an open source, decentralized social media platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Misskey
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft +6
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft +6
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Gitsign is software for keyless Git signing using Sigstore. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Gitsign
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Browserify Sign +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.4.0.105. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Client Connector
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Udm
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Jwt Attack +19
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Aes Gcm +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Hydra is the layer-two scalability solution for Cardano. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Hydra
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Jwt Attack +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Cisco Apple +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Office Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in QMS Automotive (All versions < V12.39). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Qms Automotive
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation due to unrestricted loading of unsigned libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Apple Jwt Attack +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.2 before 6.2r. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Zscaler Internet Access Admin Portal
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. Rated medium severity (CVSS 4.7).

Information Disclosure Jwt Attack Borg
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure +3
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Openpgpjs
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Ebts Base Radio Firmware +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Motorola MBTS Site Controller fails to check firmware update authenticity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Mbts Site Controller Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Node Saml
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Uthenticode
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Jwt Attack +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba +3
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Wemo Smart Plug Wsp080 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Mono Authenticode Validation Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Jwt Attack Mono
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

notation is a CLI tool to sign and verify OCI artifacts and container images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Notation Go
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Signedxml
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Django-SES is a drop-in mail backend for Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure +1
NVD GitHub
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy