CVE-2024-50634

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation ...

Continue Reading
CVE-2023-22495

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker ...

Continue Reading
CVE-2024-13111

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file ...

Continue Reading
CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT...Read More ...

Continue Reading
CVE-2024-53484

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing...Read More ...

Continue Reading
CVE-2024-39315

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at /.pomerium) unintentionally included serialized OAuth2 access and ID tokens from the lo ...

Continue Reading
CVE-2024-22209

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability ...

Continue Reading
CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for ...

Continue Reading

Back to Main

Subscribe for the latest news: