1576 matches found

CNNVD
added 2026/01/13 12:00 a.m., 6 views

Hono data forgery vulnerability

Hono is a web framework written in TypeScript from the Hono community. A data forgery issue vulnerability exists in Hono versions prior to 4.11.4 that stems from the JWT validation middleware allowing the JWT header algorithm to influence signature verification, potentially leading to algorithmic...

CVSS 8.2, AI score 5.8, EPSS 0.00118
Exploits: 0, References: 3
Positive Technologies
added 2026/01/13 12:00 a.m., 10 views

PT-2026-2806

Name of the Vulnerable Software and Affected Versions: Cal.com versions 3.1.6 through 6.0.6. Description: Cal.com, an open-source scheduling software, has a critical flaw in a custom NextAuth JWT callback. This issue allows attackers to gain full authenticated access to any user's account by supplyi...

CVSS 10, AI score 5.8, EPSS 0.004
Exploits: 1, References: 15
Tenable Nessus
added 2026/01/13 12:00 a.m., 5 views

MiracleLinux 9 : grafana-10.2.6-11.el9_6 (AXSA:2025-10478:10)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10478:10 advisory. golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204). Tenable has extracted the preceding description block directl...

CVSS 7.5, AI score 7.3, EPSS 0.00645
Exploits: 0, References: 2
OSV
added 2026/01/12 5:39 p.m., 4 views

GO-2025-4269 SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle

SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle...

CVSS 8.1, AI score 6.8, EPSS 0.00564
Exploits: 1, References: 8
EUVD
added 2026/01/09 7:39 p.m., 3 views

EUVD-2026-1693

jose-swift has JWT Signature Verification Bypass via None Algorithm...

AI score 6.5
Exploits: 0, References: 2
Github Security Blog
added 2026/01/09 7:39 p.m., 10 views

jose-swift has JWT Signature Verification Bypass via None Algorithm

Summary: An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling...

AI score 7.4
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/01/09 7:39 p.m., 3 views

GHSA-88Q6-JCJG-HVMW jose-swift has JWT Signature Verification Bypass via None Algorithm

Summary: An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling...

CVSS 9.3, AI score 5.7
Exploits: 0, References: 5
RedhatCVE
added 2026/01/09 11:29 a.m., 7 views

CVE-2021-27884

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

CVSS 5.1, AI score 6.8, EPSS 0.00338
Exploits: 0, References: 1
GitLab Advisory Database
added 2026/01/09 12:00 a.m., 4 views

jose-swift has JWT Signature Verification Bypass via None Algorithm

An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling complete...

AI score 7.4
Exploits: 0, References: 6, Affected Software: 1
RedhatCVE
added 2026/01/07 9:13 a.m., 8 views

CVE-2024-2260

A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...

CVSS 4.2, AI score 6.9, EPSS 0.00433
Exploits: 1, References: 1
Hacker One
added 2026/01/07 8:44 a.m., 8 views

Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC

An authentication bypass vulnerability was discovered in the ID4me handling in the OIDC implementation. The vulnerability was caused by missing JWT signature verification for user authentication...

CVSS 8.1, AI score 5.5, EPSS 0.00311
Exploits: 0
Huntr
added 2026/01/07 6:18 a.m., 5 views

Improper Access Control via Weak JWT Token Leads to Admin Takeover and Privilege Escalation

Description: The application's session management is vulnerable to Authorization Bypass and Vertical Privilege Escalation. During dynamic analysis of the application's authentication flow, I discovered that the JSON Web Tokens (JWT) are signed with a weak secret key. This allowed me to perform an...

CVSS 9.8, AI score 5.9, EPSS 0.0054
Exploits: 1
GithubExploit
added 2026/01/05 6:10 p.m., 125 views

SecLeak

SecLeak Assessment: This repository contains the s...

AI score 6.5
Exploits: 0
Veracode
added 2026/01/05 3:35 p.m., 4 views

Improper Cryptographic Key Management

Apache StreamPark is vulnerable to Improper Cryptographic Key Management. The vulnerability is due to using the user's password directly as the HMAC signing key for JWTs, which allows an attacker to brute-force passwords offline or forge valid tokens to impersonate users and take over accounts...

CVSS 5.9, AI score 7.2, EPSS 0.00216
Exploits: 0, References: 4, Affected Software: 1
RedhatCVE
added 2026/01/02 6:37 p.m., 3 views

CVE-2025-68620

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...

CVSS 9.1, AI score 7.2, EPSS 0.00492
Exploits: 1, References: 1
OSV
added 2026/01/02 3:28 p.m., 3 views

GHSA-FQ56-HVG6-WVM5 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling

SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...

CVSS 9.1, AI score 6.9, EPSS 0.00492
Exploits: 1, References: 5
NVD
added 2026/01/01 7:15 p.m., 6 views

CVE-2025-68620

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...

CVSS 9.1, EPSS 0.00492
Exploits: 1, References: 2
Snyk
added 2026/01/01 6:30 p.m., 5 views

Incorrect Authorization

Overview: streampipes is a Python library for Apache StreamPipes. Affected versions of this package are vulnerable to Incorrect Authorization via the user ID creation mechanism. A user can gain administrative privileges by manipulating JWT tokens and swapping the username of an existing user with a...

CVSS 8.8, AI score 7, EPSS 0.14786
Exploits: 0, References: 2
OSV
added 2026/01/01 6:30 p.m., 3 views

GHSA-5R2G-VPHF-M5XC Apache StreamPipes has Improper Privilege Management issue

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

CVSS 7.1, AI score 6.9, EPSS 0.14786
Exploits: 0, References: 5
Github Security Blog
added 2026/01/01 6:30 p.m., 8 views

Apache StreamPipes has Improper Privilege Management issue

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

CVSS 8.1, AI score 7, EPSS 0.14786
Exploits: 0, References: 5, Affected Software: 1