Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (whic ...
Continue Reading
September 02, 2025
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.44.0 Description: A session fixation issue existed in Payload's SQLite adapter due to identifier reuse during ac ...
Continue Reading
September 02, 2025
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.44.0 Description: Payload utilizes JSON Web Tokens (JWT) for authentication. Following a user logout, the JWT is not ...
Continue Reading
September 02, 2025
jwe is vulnerable to Brute-force Attack. The vulnerability is due to insufficient validation of JWE authentication tags, which allows an attacker to brute force tags, recover the GCM GHASH key, and cr ...
Continue Reading
September 02, 2025
This Metasploit module executes a payload within a Kubernetes...Read More ...
Continue Reading
September 02, 2025
Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that ...
Continue Reading
September 02, 2025
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an ...
Continue Reading
September 02, 2025
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an ...
Continue Reading
September 02, 2025
Back to Main
