CVE-2022-36672

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.Read More ...

Continue Reading

August 31, 2022

Use of Hard-coded Credentials

Hardcoded JWT Secret in AgileConfig Read More ...

Continue Reading

August 31, 2022

CVSS3 - CRITICAL

Use of Hard-coded Credentials in AgileConfig.Client

Hardcoded JWT Secret in AgileConfig Read More ...

Continue Reading

August 30, 2022

CVSS3 - CRITICAL

Use of Hard-coded Credentials in AgileConfig.Client

Hardcoded JWT Secret in AgileConfig Read More ...

Continue Reading

August 30, 2022

CVSS3 - CRITICAL

What are JWT Injections, and Why do You Need to Know About Them

JSON Web Tokens (JWTs for short) are the new standard for transmitting identity information in the digital age. JWTs are JSON objects that act as an identifier for your user or application. They’re u ...

Continue Reading

August 26, 2022

CVSS3 - MEDIUM

CVSS2 - MEDIUM

This Week in Spring – August 23rd, 2022

Hi, Spring fans! Welcome to another installment of _This Week in Spring_! We've got a _ton_ to cover, so let's dive right into it! * [A Bootiful Podcast: Flowable founder Joram Barrez on a Bootiful ...

Continue Reading

August 23, 2022

CVE-2022-35540

Hardcoded JWT Secret in AgileConfig Read More ...

Continue Reading

August 18, 2022

Cockpit Content Platform vulnerable to 2FA bypass

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an att ...

Continue Reading

August 18, 2022

CVSS3 - HIGH

1 489 490 491 492 493 504

Back to Main
Subscribe for the latest news: