Summary: json-jwt is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-51774. Vulnerability Details: CVEID: CVE-2023-51774. DESCRIPTION: json-jwt could allow a remote attacker to byp ...
August 08, 2024
What about JWT? The JSON Web Token, usually identified by its acronym JWT, provides an effective means of authenticating and authorizing access in web applications. However, improper use ...
August 07, 2024
Vulnerability Details: Affected Vendor: Open WebUI; Affected Product: Open WebUI; Affected Version: 0.1.105; Platform: Debian 12; CWE Classification: CWE-22: Improper Limitation of a Pathname to a ...
August 07, 2024
pREST vulnerable to jwt bypass + sql injection in...
August 07, 2024
Summary: A vulnerability in Connect2id Nimbus-JOSE-JWT that is used by the JDBC driver in InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-52428. DESCRIPTION: Con ...
August 06, 2024
Apache SeaTunnel is vulnerable to Authentication Bypass by Spoofing. The vulnerability is due to a hardcoded JWT key in the application, allowing an attacker to forge any token to log in as any...
August 01, 2024
Web Authentication vulnerability in Apache SeaTunnel. Since the JWT key is hardcoded in the application, an attacker can forge any token to log in as any user. An attacker can get the secret key in /seatunne ...
July 30, 2024
Summary: Probably JWT bypass + SQL injection, or what am I doing wrong? PoC (how to reproduce): Create the following files: docker-compose.yml: services: postgres: image: postgres container_n ...
July 30, 2024