Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.4 views

CVE-2025-69971

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

9.8CVSS5.5AI score0.02036EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:30 p.m.4 views

GHSA-2R8F-CF6W-X5VQ Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...

9.3CVSS5.8AI score0.02036EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.4 views

CVE-2025-69971

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

5.5AI score0.02036EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 11:15 p.m.5 views

CVE-2020-36911

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.8CVSS0.10447EPSS
Exploits1References7
OSV
OSV
added 2026/01/13 11:15 p.m.6 views

CVE-2020-36911

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.3CVSS6.7AI score
Exploits0References7
CVE
CVE
added 2026/01/13 10:51 p.m.17 views

CVE-2020-36911

CVE-2020-36911 affects Covenant versions 0.1.3 through 0.5, described as a remote code execution vulnerability where an attacker can forge JWT tokens with administrative privileges and upload DLL payloads to execute arbitrary commands on the target system. The threat relies on forging tokens to g...

9.8CVSS8.5AI score0.10447EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/13 10:51 p.m.3 views

CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.8CVSS8.5AI score0.10447EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.5 views

PT-2026-2356

Name of the Vulnerable Software and Affected Versions Covenant versions 0.1.3 through 0.5 Description The software contains a remote code execution issue that allows attackers to create malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and...

9.8CVSS6.6AI score0.10447EPSS
Exploits1References10
Rows per page
Query Builder