Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.8 views

CVE-2026-33746

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS5.9AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 4:16 p.m.5 views

CVE-2026-33746

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 3:6 p.m.1 views

CVE-2026-33746

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS5.9AI score0.003EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 3:6 p.m.19 views

CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS0.003EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 3:6 p.m.14 views

CVE-2026-33746

Convoy (KVM server management panel) is vulnerable in versions 3.9.0-beta through

9.8CVSS5.9AI score0.003EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 3:6 p.m.5 views

CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS5.9AI score0.003EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Convoy 数据伪造问题漏洞

Convoy is an open-source platform developed by Convoy for hosting providers and enthusiasts. Versions of Convoy from 3.9.0-beta to 4.5.1 contained a data manipulation vulnerability due to insufficient validation of JWT token signatures, which could lead to authentication bypasses...

9.8CVSS5.7AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/25 8:56 p.m.9 views

CVE-2025-52562

Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially...

10CVSS7.3AI score0.01706EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/23 8:48 p.m.6 views

CVE-2025-52562 Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution

Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially...

10CVSS7.9AI score0.01706EPSS
Exploits0References2
CVE
CVE
added 2025/06/23 8:48 p.m.60 views

CVE-2025-52562

Convoy CVE-2025-52562 describes an unauthenticated directory traversal vulnerability in the LocaleController affecting Convoy versions 3.9.0-rc3 through 4.4.0. Exploitation allows including and executing arbitrary PHP files on the server. The issue has been patched in version 4.4.1; a temporary w...

10CVSS9.8AI score0.01706EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/23 8:48 p.m.14 views

CVE-2025-52562 Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution

Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially...

10CVSS0.01706EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.6 views

Convoy 安全漏洞

Convoy is Convoy Open Source a modern platform tailored for hosting providers and enthusiasts. A security vulnerability exists in Convoy versions prior to 4.4.1 that stems from a directory traversal vulnerability in the LocaleController component...

10CVSS7.6AI score0.01706EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/23 12:0 a.m.8 views

PT-2025-26645 · Convoy · Convoy

Name of the Vulnerable Software and Affected Versions: Convoy versions 3.9.0-rc3 through 4.4.0 Description: Convoy is a KVM server management panel for hosting businesses. A directory traversal vulnerability exists in the LocaleController component, allowing an unauthenticated remote attacker to...

10CVSS8AI score0.01706EPSS
Exploits0References19
NVD
NVD
added 2025/01/13 2:15 p.m.6 views

CVE-2025-22344

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in timmcdaniels Media Category Library media-category-library allows Reflected XSS.This issue affects Media Category Library: from n/a through = 2.7...

7.1CVSS0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.2 views

PT-2025-4458 · Unknown · Convoy Media Category Library

Name of the Vulnerable Software and Affected Versions: Convoy Media Category Library versions n/a through 2.7 Description: The issue affects Convoy Media Category Library, allowing Reflected XSS due to improper neutralization of input during web page generation. This is a type of Cross-site...

7.1CVSS8.8AI score0.00246EPSS
Exploits0References6
Openbugbounty
Openbugbounty
added 2024/06/01 8:4 a.m.6 views

convoy-shipping.com Cross Site Scripting vulnerability OBB-3932171

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
HackRead
HackRead
added 2022/02/08 4:52 p.m.19 views

Christian crowdfunding site GiveSendGo hit by DDoS attack

By Waqas The "heavy" DDoS attack on GiveSendGo took place when the platform started collecting donations for Freedom Convoy 2022… This is a post from HackRead.com Read the original post: Christian crowdfunding site GiveSendGo hit by DDoS attack...

1.8AI score
Exploits0
Rows per page
Query Builder