1577 matches found
CVE-2025-63217
The Itel DAB MUX IDMUX build c041640a is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Summary: The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details: In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...
CVE-2025-56643
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
PT-2025-47405
Name of the Vulnerable Software and Affected Versions: joserfc versions 1.3.3 through 1.3.4; joserfc versions 1.4.0 through 1.4.1. Description: The joserfc library has an issue where excessively large JWT (JSON Web Token) payloads can be logged, potentially leading to resource exhaustion. Specifically,...
EUVD-2025-198058
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
wiki.js security vulnerability
wiki.js is an open source Wiki application from requarks.io. A security vulnerability exists in wiki.js version 2.5.307, which stems from the failure to properly revoke a JWT token when a user logs out, which could lead to unauthorized access...
joserfc security vulnerability
joserfc is a Python library open-sourced by Authlib. A security vulnerability exists in joserfc version 1.3.3 up to and including version 1.3.5 and version 1.4.0 up to and including version 1.4.2, which stems from an ExceededSizeError exception message embedded in the Undecoded JWT Token section,...
CVE-2025-63216
The Itel DAB Gateway IDGat build c041640a is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
CVE-2025-63217
The CVE describes an Authentication Bypass in the Itel DAB MUX (IDMUX build c041640a) caused by improper JWT validation across devices. Exploitation would allow an attacker who has a valid JWT from one device to authenticate as an administrator on any other device running the same firmware, enabl...
CVE-2025-63216
CVE-2025-63216 concerns the Itel DAB Gateway (IDGat build c041640a) where authentication is bypassed due to improper JWT validation. Attackers can reuse a valid JWT token from one device to authenticate and gain administrative access on any other device running the same firmware, enabling full co...
Itel DAB MUX security vulnerability
Itel DAB MUX is an encoding and multiplexing all-in-one device from Itel, Italy. A security vulnerability exists in the Itel DAB MUX build c041640a version, which stems from improper JWT authentication and could lead to authentication bypass and full device control...
PT-2025-47409
Name of the Vulnerable Software and Affected Versions: Itel DAB Gateway versions c041640a. Description: The Itel DAB Gateway is susceptible to an authentication bypass due to inadequate JWT (JSON Web Token) validation. An attacker can exploit this by reusing a valid JWT token acquired from one device ...
PT-2025-47410
Name of the Vulnerable Software and Affected Versions: Itel DAB MUX (affected versions not specified). Description: The Itel DAB MUX IDMUX build c041640a has a flaw in how it verifies JWT (JSON Web Token) authentication. This allows an attacker who has a valid JWT token from one device to use i...
Itel DAB Gateway IDGat security vulnerability
Itel DAB Gateway IDGat is an audio transmission gateway from Itel Italy. A security vulnerability exists in the Itel DAB Gateway IDGat build c041640a version, which stems from improper JWT authentication and could lead to authentication bypass and full device control...
EUVD-2025-197729
A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter of the file src/main/java/com/suisung/shopsuite/common/security/JwtAuthenticationFilter.java. The manipulation leads to path...
GHSA-4M32-CJV7-F425 AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Summary: AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details: AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...
EUVD-2025-197660
AstrBot is vulnerable to RCE with hard-coded JWT signing keys...