Authentication Bypass

github.com/navidrome/navidrome is vulnerable to authentication bypass. The vulnerability is due to the DefaultGet function within auth.go, which is used to retrieve the JWT secret key from the database ...

Authentication bypass vulnerability in navidrome’s subsonic endpoint

Summary: A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizi ...

CVE-2023-27172

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce...

Improper JWT Signature Validation in SAP Security Services Library

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an ...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8 (Important) (RHSA-2023:5485)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5485 advisory. - Versions of the package semver before 7 ...

JWT token compromise can allow malicious actions including Remote Code Execution (RCE)

Impact: A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. Th ...
