"Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data (CWE-201) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA ...
Continue Reading
September 02, 2025
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may ...
Continue Reading
September 02, 2025
Summary Connect2id Nimbus JOSE+JWT is used by Watson Studio in Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can ...
Continue Reading
September 02, 2025
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT ...
Continue Reading
September 02, 2025
Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (whic ...
Continue Reading
September 02, 2025
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an ...
Continue Reading
September 02, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Ed ...
Continue Reading
August 23, 2025
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impe ...
Continue Reading
August 23, 2025
Back to Main
