CVE-2025-7079 mao888 bluebell-plus JWT Token jwt.go hard-coded password

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the ...

Continue Reading

July 06, 2025

EUVD-2025-19121

MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the...Read More ...

Continue Reading

July 04, 2025

EUVD-2025-19122

MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass...Read More ...

Continue Reading

July 04, 2025

EUVD-2025-19634

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker ...

Continue Reading

July 04, 2025

EUVD-2025-19635

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. A ...

Continue Reading

July 04, 2025

EUVD-2025-19636

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which ...

Continue Reading

July 04, 2025

EUVD-2025-19581

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GE ...

Continue Reading

July 04, 2025

CVE-2025-34063

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. A ...

Continue Reading

July 03, 2025

1 47 48 49 50 51 551

Back to Main
Subscribe for the latest news: