1577 matches found
CVE-2025-63224
The Itel DAB Encoder IDEnc build 25aec8d is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
EUVD-2025-198101
The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mo_jwt_generate_new_api_key' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12822
The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mo_jwt_generate_new_api_key' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12822
CVE-2025-12822 concerns the WordPress plugin WP Login and Register using JWT. The vulnerability is caused by a missing capability check in the function mo_jwt_generate_new_api_key, present in all versions up to and including 3.0.0. This allows an attacker with at least Subscriber-level access ...
CVE-2025-63216
The Itel DAB Gateway IDGat build c041640a is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
CVE-2025-63217
The Itel DAB MUX IDMUX build c041640a is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
Itel DAB Encoder security vulnerability
Itel DAB Encoder is a device for broadcasting systems from Itel Italia. A security vulnerability exists in Itel DAB Encoder that stems from improper JWT authentication, which could lead to authentication bypass...
WordPress plugin WP Login and Register using JWT security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-47471
Name of the Vulnerable Software and Affected Versions: Itel DAB Encoder version 25aec8d. Description: The Itel DAB Encoder IDEnc build 25aec8d has a flaw in how it verifies JSON Web Tokens (JWTs). This allows an attacker who has a valid JWT from one device to use it to gain administrative access to an...
PT-2025-47434
The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mo_jwt_generate_new_api_key' function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with...
CVE-2025-63224
The CVE-2025-63224 entry concerns the Itel DAB Encoder (IDEnc build 25aec8d). The root cause is improper JWT validation across devices, enabling authentication bypass: an attacker with a valid JWT from one device can authenticate as an admin on any other device running the same firmware. This lea...
WordPress WP Login and Register using JWT plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure vulnerability
Missing Authorization to Authenticated (Subscriber+) API Key Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Login and Register using JWT versions <= 3.0.0...
DEBIAN-CVE-2025-65015
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
CVE-2025-65015
The CVE-2025-65015 issue affects the Python library joserfc (JOSE). Versions 1.3.3–1.3.5 and 1.4.0–1.4.2 embed ExceededSizeError messages with fully loaded JWT payloads, which may cause a misconfigured or fronted production web server to allow arbitrarily large bearer tokens to be logged in full ...
EUVD-2025-198059
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...