CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location ...

Continue Reading
CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fail ...

Continue Reading
CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

Continue Reading
Moxa MXsecurity Series Hardcoded JWT Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability. The sp ...

Continue Reading
Spring Authorization Server is on Spring Initializr!

Today, I'm excited to announce that you have a new superpower: creating applications with [Spring Authorization Server]() on [Spring Initializr]()! That's right, it's time to begin your OAuth2 journey ...

Continue Reading
CVE-2023-33236

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authenticat ...

Continue Reading
ChatGPT: Friend or Foe? | API Security Newsletter

Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools (e.g., ChatGPT) in cybersecurity. It – along with API Security – domina ...

Continue Reading

CVSS3 - CRITICAL

Security Bulletin: Open Source Dependency Vulnerability

## Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. ## Vulnerability Details ** CVEID: **[CVE-2020-25864]() ** DESCRIPTION: **HashiCorp Consul is vulnerable to cross-site scrip ...

Continue Reading

CVSS3 - HIGH

CVSS2 - MEDIUM

Back to Main

Subscribe for the latest news: