PT-2026-3631

IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

PT-2026-3519

Name of the Vulnerable Software and Affected Versions MineAdmin versions 1.x and 2.x Description A weakness exists due to insufficient verification of data authenticity within the JWT Token Handler component. This issue affects the refresh function of the /system/refresh file. The attack can be...

IBM ApplinX 数据伪造问题漏洞

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Open5GS has a security vulnerability, which stems from the use of a hardcoded JWT signing key...

CVE-2025-52661

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

EUVD-2026-3207

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

CVE-2025-52661

Technical details about CVE-2025-52661 are not publicly disclosed in the provided documents. No affected versions, root cause, or remediation are specified. Monitor for updates from vendors and security advisories.

CVE-2025-52661

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that is caused by a JWT token that expires too long increasing the risk of token misuse. An attacker can exploit the vulnerability to cause unauthorized access...

PT-2026-3469

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

CVE-2025-59870

HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk...

CVE-2025-59870 Improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk

HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk...

PT-2026-3243

Name of the Vulnerable Software and Affected Versions HCL MyXalytics version 6.7 Description The web application does not rotate the JWT signing secret, resulting in improper management of a static secret. This introduces a security risk. Recommendations Rotate the JWT signing secret in the web...

HCL MyXalytics security vulnerabilities

HCL MyXalytics is an analytical software product developed by the Indian company HCL. It is used for data analysis and related tasks. Version HCL MyXalytics v6.7 contains a security vulnerability. This vulnerability stems from improper management of the static JWT signature key and lack of...

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

CVE-2026-22818

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...

CVE-2026-22817

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...

Improper Verification of Cryptographic Signature

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the JWT verification middleware fallback on unverified JWT header when alg field is not present. An attacker can gain unauthorized...

Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)

Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged...

Use of a Broken or Risky Cryptographic Algorithm

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the JWT verification middleware using unsafe default fallback algorithm. An attacker can gain unauthorized access or escalate...