The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an ...
Continue Reading
September 02, 2025
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an ...
Continue Reading
September 02, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. The json-jwt gem before 1.11.0 for Ruby lacks an element count d ...
Continue Reading
September 02, 2025
Name of the Vulnerable Software and Affected Versions: versions prior to 2.3 Description: An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam fun ...
Continue Reading
September 02, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. JOSE is JSON Web Almost Everything - JWA, JWS, JWE, JWT, JWK, JW ...
Continue Reading
September 02, 2025
Back to Main
