Skip to main content

Jwt Attack

507 CVEs product

Monthly

CVE-2023-25934 HIGH This Week

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Dell Elastic Cloud Storage
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-1204 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab Jwt Attack
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-28228 MEDIUM PATCH This Month

Windows Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-28226 MEDIUM PATCH This Month

Windows Enroll Engine Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Microsoft Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-28818 MEDIUM This Month

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Aptare It Analytics Netbackup It Analytics
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-28610 CRITICAL Act Now

The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Stationguard Stationscout
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-20940 HIGH PATCH This Week

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Jwt Attack Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25718 CRITICAL Act Now

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Control
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23928 CRITICAL PATCH Act Now

reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Jwt Attack Reason Jose
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-23334 CRITICAL Act Now

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Newtest
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22742 Cargo MEDIUM PATCH This Month

libgit2 is a cross-platform, linkable library implementation of Git. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Libgit2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-24025 HIGH This Week

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Pqclean
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-47549 MEDIUM POC This Month

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Op Tee
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-23507 Cargo MEDIUM PATCH This Month

Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tendermint Light Client Js Tendermint Light Client Verifier Tendermint Light Client
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41669 HIGH PATCH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41666 HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42793 MEDIUM This Month

An issue in code signature validation was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Apple Ipados Iphone Os +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39300 npm HIGH PATCH This Week

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Node Saml
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-31123 Go HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Grafana Jwt Attack E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39299 npm HIGH PATCH This Week

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Node.js Passport Saml
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2022-20944 MEDIUM This Month

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Apple Cisco Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-42010 MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Dbus Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-39237 Go CRITICAL PATCH Act Now

syslabs/sif is the Singularity Image Format (SIF) reference implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Singularity Image Format
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-41340 npm HIGH PATCH This Week

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Node.js Secp256K1 Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36056 Go MEDIUM POC PATCH This Month

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-39200 Go MEDIUM PATCH This Month

Dendrite is a Matrix homeserver written in Go. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Dendrite
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-2790 MEDIUM This Month

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Electric S Proficy
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2022-28752 HIGH This Week

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Jwt Attack Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-28751 HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-28756 HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35930 Go HIGH PATCH This Week

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Jwt Attack Policy Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-35929 Go CRITICAL POC PATCH Act Now

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31207 CRITICAL Act Now

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-31206 CRITICAL Act Now

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Nx701 1600 Firmware Nx701 1620 Firmware Nx701 1700 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-25898 npm CRITICAL POC PATCH Act Now

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Jsrsasign
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1739 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-31053 LIB CRITICAL POC PATCH Act Now

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Java Biscuit Auth Biscuit Go +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-26510 MEDIUM POC This Month

A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-24884 HIGH PATCH This Week

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Ecdsautils Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24773 npm MEDIUM PATCH This Month

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Forge
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-24772 npm HIGH PATCH This Week

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Forge
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24771 npm HIGH PATCH This Week

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Forge
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24759 npm HIGH PATCH This Week

`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Js Libp2P Noise
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-23610 HIGH This Week

wire-server provides back end services for Wire, an open source messenger. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Wire Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-23655 PHP MEDIUM PATCH This Month

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

PHP Jwt Attack Information Disclosure October
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-20156 MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tew 827Dru Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0152 MEDIUM This Month

Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Jwt Attack Ax210 Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-34420 HIGH This Week

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jwt Attack Zoom Client For Meetings
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-43572 PyPI CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack Ecdsa Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43571 npm CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Jwt Attack Ecdsa Node
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43570 Maven CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jwt Attack Ecdsa Java
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43569 NuGet CRITICAL POC PATCH Act Now

The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Ecdsa Dotnet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43568 CRITICAL POC Act Now

The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Elixir Ecdsa
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-39909 MEDIUM This Month

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gitlab Jwt Attack
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-37127 HIGH This Week

There is a signature management vulnerability in some huawei products. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Jwt Attack Imanager Neteco 6000 Firmware Imanager Neteco Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-41832 HIGH This Week

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-41831 MEDIUM This Month

It is possible for an attacker to manipulate the timestamp of signed documents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-41830 HIGH This Week

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Openoffice
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-29108 HIGH This Week

There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Portal For Arcgis
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-37927 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Jwt Attack Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-31841 HIGH This Week

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Jwt Attack Mcafee Agent
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-34709 MEDIUM This Month

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software. Rated medium severity (CVSS 6.4). No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xr
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2021-34708 MEDIUM This Month

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE Jwt Attack Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-3051 HIGH This Week

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Paloalto Jwt Attack Cortex Xsoar
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-1849 HIGH This Week

An issue in code signature validation was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Jwt Attack Ipados Iphone Os +3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33885 CRITICAL POC Act Now

An Insufficient Verification of Data Authenticity vulnerability in B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Spacecom2
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2021-34715 HIGH PATCH This Week

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Information Disclosure Jwt Attack Expressway Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-3633 HIGH POC This Week

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Jwt Attack Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-36277 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell RCE Jwt Attack Alienware Command Center Application Command Update +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38195 Cargo CRITICAL POC PATCH Act Now

An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jwt Attack Libsecp256K1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-37160 CRITICAL Act Now

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jwt Attack Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-22708 HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-26100 HIGH This Week

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Fortimail
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-24020 CRITICAL Act Now

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Fortimail
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-35039 HIGH PATCH This Week

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Jwt Attack Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-23993 MEDIUM This Month

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Jwt Attack Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-23992 MEDIUM This Month

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Jwt Attack Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-32685 npm CRITICAL PATCH Act Now

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Jwt Attack Tenvoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-3196 HIGH POC This Week

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Jwt Attack Id Bravura Security Fabric
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29500 HIGH This Week

bubble fireworks is an open source java package relating to Spring Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jwt Attack Bubble Fireworks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-33054 HIGH This Week

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Sogo Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28091 HIGH PATCH This Week

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Lasso Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-22735 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-22734 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware Homelynk Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-20487 CRITICAL Act Now

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Jwt Attack Power9 System Firmware Scale Out Lc System Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-22160 Maven CRITICAL PATCH Act Now

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack Pulsar
NVD
CVSS 3.1
9.8
EPSS
52.9%
CVE-2021-3445 HIGH This Week

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jwt Attack Libdnf Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3421 MEDIUM PATCH This Month

A flaw was found in the RPM package in the read functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Rpm Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-29455 MEDIUM PATCH This Month

Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Grassroot Platform
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29451 Maven CRITICAL PATCH Act Now

Portofino is an open source web development framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Portofino
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
EPSS 0% CVSS 7.5
HIGH This Week

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Dell +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab Jwt Attack
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Windows Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Microsoft +13
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Windows Enroll Engine Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Microsoft +8
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Aptare It Analytics +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Stationguard +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Jwt Attack +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Control
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Jwt Attack Reason Jose
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Newtest
NVD VulDB
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

libgit2 is a cross-platform, linkable library implementation of Git. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Libgit2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Pqclean
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM POC This Month

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tendermint Light Client Js +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in code signature validation was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Apple +3
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Node Saml
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Grafana Jwt Attack +1
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Node.js +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Apple +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Dbus +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

syslabs/sif is the Singularity Image Format (SIF) reference implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Singularity Image Format
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Node.js +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Dendrite is a Matrix homeserver written in Go. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Dendrite
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Electric S Proficy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Jwt Attack Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Sysmac Cs1 Firmware +6
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Nx701 1600 Firmware +24
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Jsrsasign
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Imagecast X
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Java +4
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Ir302 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Ecdsautils +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Forge
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Forge
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Forge
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Js Libp2P Noise
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

wire-server provides back end services for Wire, an open source messenger. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Wire Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

PHP Jwt Attack Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tew 827Dru Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel +16
NVD
EPSS 0% CVSS 7.4
HIGH This Week

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jwt Attack +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Ecdsa Dotnet
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Elixir Ecdsa
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gitlab Jwt Attack
NVD
EPSS 1% CVSS 7.2
HIGH This Week

There is a signature management vulnerability in some huawei products. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Jwt Attack +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

It is possible for an attacker to manipulate the timestamp of signed documents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Portal For Arcgis
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Jwt Attack +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Jwt Attack +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software. Rated medium severity (CVSS 6.4). No vendor patch available.

Cisco Apple RCE +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple RCE +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Paloalto Jwt Attack +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue in code signature validation was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Jwt Attack +5
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

An Insufficient Verification of Data Authenticity vulnerability in B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Spacecom2
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Information Disclosure Jwt Attack +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Jwt Attack +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell RCE Jwt Attack +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jwt Attack Libsecp256K1
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jwt Attack Hmi 3 Control Panel Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Evlink City Evc1S22P4 Firmware +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Fortimail
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Fortimail
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Jwt Attack +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Jwt Attack +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Jwt Attack +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Jwt Attack Id Bravura Security Fabric
NVD
EPSS 1% CVSS 7.5
HIGH This Week

bubble fireworks is an open source java package relating to Spring Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Sogo +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Lasso +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Spacelynk Firmware +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Jwt Attack +2
NVD
EPSS 53% CVSS 9.8
CRITICAL PATCH Act Now

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Jwt Attack +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jwt Attack Libdnf +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the RPM package in the read functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Rpm +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Grassroot Platform
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Portofino is an open source web development framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Portofino
NVD GitHub
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy