An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web...Read More ...
Continue Reading
December 15, 2023
** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker t ...
Continue Reading
December 15, 2023
Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT t ...
Continue Reading
December 15, 2023
JWT tokens signed using NKeys for Ed25519 for the NATS...Read More ...
Continue Reading
December 15, 2023
Impact SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) allows under certain conditions an escalation of privileges. On successful exploitation, an un ...
Continue Reading
December 15, 2023
** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker t ...
Continue Reading
December 15, 2023
lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial ...
Continue Reading
December 15, 2023
Impact next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issu ...
Continue Reading
December 15, 2023
Back to Main
