Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. ...
August 03, 2023
# CVE-2021-44910-SpringBlade vulnerability detection tool. In 2021, the SpringBlade framework was found to have a JW...
July 22, 2023
github.com/IceWhaleTech/CasaOS is vulnerable to Weak JWT Secrets. The vulnerability exists because the `InitV1Router` function of `v1.go` and the `InitV2Router` function of `v2.go` do not properly valid ...
July 20, 2023
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account's JWT token only.
July 20, 2023
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.
July 20, 2023
## 1. EXECUTIVE SUMMARY * **CVSS v3 9.8** * **ATTENTION:** Exploitable remotely/low attack complexity * **Vendor:** Weintek * **Equipment:** Weincloud * **Vulne ...
July 18, 2023
### Impact Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. ### Patches The prob ...
July 17, 2023
The version of ecs-service-connect-agent installed on the remote host is prior to v1.25.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-003 advisory. ...
July 14, 2023