CVE-2024-29855

Hard-coded JWT secret allows authentication bypass in Veeam Recovery...

Authentication Bypass By Spoofing

github.com/openshift/telemeter/ is vulnerable to Authentication Bypass By Spoofing. The vulnerability is due to improper checks, which allow an attacker to bypass the issue ("iss") c ...

Authentication Bypass By Spoofing

github.com/kubernetes/kubernetes/ is vulnerable to Authentication Bypass By Spoofing. The vulnerability is due to an improper issuers check, which allows an attacker to bypass the issue ("iss ...

RHEL 8 : python-jwt (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-jwt: Key con ...

CVE-2024-5483 LearnPress – WordPress LMS Plugin <= 4.2.6.8 – Basic Information Disclosure via JSON API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_ ...

CVE-2024-33625

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass...

CVE-2024-32988

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if ...

CVE-2024-5483

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_ ...
