CVE-2025-56383 - Notepad++ DLL Hijacking Vulnerability
CVE ID : CVE-2025-56383
Published : Sept. 26, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-56383
Published : Sept. 26, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58384 - Doxense Watchdoc .NET Remoting Deserialization Remote Code Execution
CVE ID : CVE-2025-58384
Published : Sept. 26, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58384
Published : Sept. 26, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11035 - Jinher OA text xml external entity reference
CVE ID : CVE-2025-11035
Published : Sept. 26, 2025, 6:32 p.m. | 52 minutes ago
Description : A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11035
Published : Sept. 26, 2025, 6:32 p.m. | 52 minutes ago
Description : A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11036 - code-projects E-Commerce Website admin_account_update.php sql injection
CVE ID : CVE-2025-11036
Published : Sept. 26, 2025, 7:02 p.m. | 22 minutes ago
Description : A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11036
Published : Sept. 26, 2025, 7:02 p.m. | 22 minutes ago
Description : A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11037 - code-projects E-Commerce Website admin_index_search.php sql injection
CVE ID : CVE-2025-11037
Published : Sept. 26, 2025, 7:02 p.m. | 22 minutes ago
Description : A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11037
Published : Sept. 26, 2025, 7:02 p.m. | 22 minutes ago
Description : A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11038 - itsourcecode Online Clinic Management System details.php sql injection
CVE ID : CVE-2025-11038
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A weakness has been identified in itsourcecode Online Clinic Management System 1.0. Affected is an unknown function of the file /details.php?action=post. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11038
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A weakness has been identified in itsourcecode Online Clinic Management System 1.0. Affected is an unknown function of the file /details.php?action=post. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11039 - Campcodes Computer Sales and Inventory System us_edit1.php sql injection
CVE ID : CVE-2025-11039
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/us_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11039
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/us_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11040 - code-projects Hostel Management System index.php sql injection
CVE ID : CVE-2025-11040
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11040
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11041 - itsourcecode Open Source Job Portal index.php sql injection
CVE ID : CVE-2025-11041
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11041
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50879 - None
CVE ID : CVE-2025-50879
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50879
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57692 - PiranhaCMS Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-57692
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57692
Published : Sept. 26, 2025, 8:15 p.m. | 3 hours, 9 minutes ago
Description : PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10657 - Docker Desktop with ECI Fails to Enforce Socket Command Restrictions
CVE ID : CVE-2025-10657
Published : Sept. 26, 2025, 9:15 p.m. | 2 hours, 9 minutes ago
Description : In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions to restrict commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands. The vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10657
Published : Sept. 26, 2025, 9:15 p.m. | 2 hours, 9 minutes ago
Description : In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions to restrict commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands. The vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11045 - WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection
CVE ID : CVE-2025-11045
Published : Sept. 26, 2025, 9:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11045
Published : Sept. 26, 2025, 9:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11046 - Tencent WeKnora test testEmbeddingModel server-side request forgery
CVE ID : CVE-2025-11046
Published : Sept. 26, 2025, 9:15 p.m. | 2 hours, 9 minutes ago
Description : A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11046
Published : Sept. 26, 2025, 9:15 p.m. | 2 hours, 9 minutes ago
Description : A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11047 - Portabilis i-Educar aluno improper authorization
CVE ID : CVE-2025-11047
Published : Sept. 26, 2025, 10:15 p.m. | 1 hour, 9 minutes ago
Description : A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11047
Published : Sept. 26, 2025, 10:15 p.m. | 1 hour, 9 minutes ago
Description : A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11048 - Portabilis i-Educar consulta-dispensas improper authorization
CVE ID : CVE-2025-11048
Published : Sept. 26, 2025, 10:15 p.m. | 1 hour, 9 minutes ago
Description : A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11048
Published : Sept. 26, 2025, 10:15 p.m. | 1 hour, 9 minutes ago
Description : A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59845 - Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
CVE ID : CVE-2025-59845
Published : Sept. 26, 2025, 10:38 p.m. | 46 minutes ago
Description : Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59845
Published : Sept. 26, 2025, 10:38 p.m. | 46 minutes ago
Description : Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59934 - Formbricks missing JWT signature verification
CVE ID : CVE-2025-59934
Published : Sept. 26, 2025, 11:03 p.m. | 21 minutes ago
Description : Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59934
Published : Sept. 26, 2025, 11:03 p.m. | 21 minutes ago
Description : Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36144 - IBM watsonx.data information disclosure
CVE ID : CVE-2025-36144
Published : Sept. 27, 2025, 1:15 a.m. | 2 hours, 9 minutes ago
Description : IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36144
Published : Sept. 27, 2025, 1:15 a.m. | 2 hours, 9 minutes ago
Description : IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59932 - FlagForgeCTF Unauthenticated Resource Modification/Deletion
CVE ID : CVE-2025-59932
Published : Sept. 27, 2025, 1:15 a.m. | 2 hours, 9 minutes ago
Description : Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59932
Published : Sept. 27, 2025, 1:15 a.m. | 2 hours, 9 minutes ago
Description : Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59936 - get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass
CVE ID : CVE-2025-59936
Published : Sept. 27, 2025, 1:15 a.m. | 2 hours, 9 minutes ago
Description : get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an unexpected issuer to be reused, resulting in a bypass of issuer validation. This design flaw enables a potential attack where a malicious actor crafts a pair of JWTs, the first one ensuring that a chosen public key is fetched and stored in the shared JWKS cache, and the second one leveraging that cached key to pass signature validation for a targeted iss value. The vulnerability will work only if the iss validation is done after the use of get-jwks for keys retrieval. This issue has been patched in version 11.0.2.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59936
Published : Sept. 27, 2025, 1:15 a.m. | 2 hours, 9 minutes ago
Description : get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an unexpected issuer to be reused, resulting in a bypass of issuer validation. This design flaw enables a potential attack where a malicious actor crafts a pair of JWTs, the first one ensuring that a chosen public key is fetched and stored in the shared JWKS cache, and the second one leveraging that cached key to pass signature validation for a targeted iss value. The vulnerability will work only if the iss validation is done after the use of get-jwks for keys retrieval. This issue has been patched in version 11.0.2.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...