CVE-2024-50634

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation ...

Continue Reading
CVE-2023-22495

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker ...

Continue Reading
CVE-2024-13111

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file ...

Continue Reading
CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT...Read More ...

Continue Reading
CVE-2023-48396

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-s ...

Continue Reading
CVE-2023-34088

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker ...

Continue Reading
CVE-2023-47315

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used ...

Continue Reading
CVE-2024-53484

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing...Read More ...

Continue Reading

Back to Main

Subscribe for the latest news: