The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. A path traversal vulnerability via the GitLab Workhorse in all v ...
Continue Reading
September 02, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. The JWT library in NATS nats-server before 2.1.9 has Incorrect A ...
Continue Reading
September 02, 2025
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT ...
Continue Reading
September 02, 2025
Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (whic ...
Continue Reading
September 02, 2025
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT ...
Continue Reading
September 02, 2025
Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (whic ...
Continue Reading
September 02, 2025
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT ...
Continue Reading
September 02, 2025
Back to Main
