CVE-2021-3167

In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server...

CVE-2025-4692 ABUP IoT Cloud Platform Incorrect Privilege Assignment

Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platf ...

CVE-2022-35540

Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator...

CVE-2020-36124

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to m ...

CVE-2021-32163

Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT...

CVE-2022-29266

In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive ...
