CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A ...
Continue Reading
May 23, 2025
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value...Read More ...
Continue Reading
May 23, 2025
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A ...
Continue Reading
May 23, 2025
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at /.pomerium) unintentionally included serialized OAuth2 access and ID tokens from the lo ...
Continue Reading
May 23, 2025
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at /.pomerium) unintentionally included serialized OAuth2 access and ID tokens from the lo ...
Continue Reading
May 23, 2025
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability ena ...
Continue Reading
May 23, 2025
JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtP ...
Continue Reading
May 23, 2025
JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtP ...
Continue Reading
May 23, 2025
Back to Main
