Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker ...
Continue Reading
May 23, 2025
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to ac ...
Continue Reading
May 23, 2025
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability ena ...
Continue Reading
May 23, 2025
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability ena ...
Continue Reading
May 23, 2025
Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security ri ...
Continue Reading
May 23, 2025
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any acti ...
Continue Reading
May 23, 2025
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce...Read More ...
Continue Reading
May 23, 2025
An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web...Read More ...
Continue Reading
May 23, 2025
Back to Main
