Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-54887
CRITICAL CVSS 9.1
Find Similar
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of con
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss (issuer) claim validation withi
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate
CVE-2025-45765
CRITICAL CVSS 9.1
Find Similar
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenS
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the inpu
A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHel
CVE-2026-44351
CRITICAL CVSS 9.1
Find Similar
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability a
A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\J
cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decod
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go o
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array li
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attac
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the H
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject mali
Page 1+ Next →