The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have I ...
Continue Reading
September 02, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access ...
Continue Reading
September 02, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorizatio ...
Continue Reading
September 02, 2025
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an ...
Continue Reading
September 02, 2025
Back to Main
