CVE-2023-35134

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.


CVSS3 - MEDIUM

CVSS2 - LOW

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. ...


CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2023-33372

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials ...


CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2023-3518

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists in the `netresearch/jsonmapper` dependency due to improper mappings of JSON arrays and objects onto s ...

2023 OWASP Top-10 Series: API2:2023 Broken Authentication

Welcome to the 3rd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on [API2:2023 Broken Authentica ...
