Lucene search
K

416 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/23 12:3 p.m.6 views

Security Bulletin: A vulnerability in the golang-jwt package affects IBM DB2 Big SQL on Cloud Pak for Data

Summary A vulnerability in the golang-jwt 4.5 package affects IBM DB2 Big SQL 7.8.0 on Cloud Pak for Data 5.1 and earlier Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2,...

7.5CVSS5.7AI score0.00693EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.14 views

Fleet data falsification vulnerability

Fleet is an open-source device management platform that supports various operating systems and devices. It helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. It’s free and flexible. Fleet has a data falsification vulnerability, which stems from...

9.8CVSS5.8AI score0.00226EPSS
Exploits0References3
CVE
CVE
added 2026/01/20 3:50 p.m.13 views

CVE-2025-36418

IBM ApplinX 11.1 is affected by CVE-2025-36418, a privilege-escalation issue caused by improper verification of JWT tokens. This could allow an attacker to craft or modify a JSON Web Token to impersonate another user or elevate privileges. The Red Hat/others mirrors and IBM bulletin confirm the v...

9.8CVSS5.5AI score0.0015EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.6 views

PT-2026-3750

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description A critical authentication issue exists in Fleet Devi...

9.8CVSS5.7AI score0.00226EPSS
Exploits0References97
OSV
OSV
added 2026/01/13 11:15 p.m.6 views

CVE-2020-36911

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.3CVSS6.7AI score
Exploits0References7
Cvelist
Cvelist
added 2026/01/13 10:51 p.m.53 views

CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.8CVSS0.10447EPSS
Exploits1References7
Snyk
Snyk
added 2026/01/09 7:39 p.m.4 views

Use of a Broken or Risky Cryptographic Algorithm

Overview beatt83/jose-swift is a comprehensive support for the Jose suite of standards, including JWA JSON Web Algorithms, JWK JSON Web Key, JWE JSON Web Encryption, JWS JSON Web Signature, and JWT JSON Web Token. Affected versions of this package are vulnerable to Use of a Broken or Risky...

9.3CVSS7.1AI score
Exploits0References2
EUVD
EUVD
added 2026/01/02 3:28 p.m.4 views

EUVD-2025-206136

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...

9.1CVSS6.4AI score0.00492EPSS
Exploits1References4
OSV
OSV
added 2026/01/01 5:15 p.m.7 views

CVE-2025-47411

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

8.1CVSS6.9AI score
Exploits0References2
CVE
CVE
added 2026/01/01 4:41 p.m.69 views

CVE-2025-47411

CVE-2025-47411 affects Apache StreamPipes up to version 0.97.0. A non-administrator user can exploit a flaw in the user ID creation mechanism to swap a real user’s username with an administrator’s, enabling privilege escalation by manipulating JWT tokens. Reported impact includes administrative c...

8.1CVSS6.6AI score0.14786EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/01 4:41 p.m.6 views

EUVD-2026-0016

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

6.4AI score0.14786EPSS
Exploits0References3
Fedora
Fedora
added 2025/12/30 12:38 a.m.8 views

[SECURITY] Fedora 43 Update: golang-github-jwt-5-5.2.1-6.fc43

A Go implementation of JSON Web Tokens...

7.5CVSS7AI score0.00626EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.5 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 4:15 p.m.5 views

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

5.9CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2025/12/12 3:30 p.m.3 views

GHSA-749J-2HP6-8CXM Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

8.7CVSS7AI score0.00216EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/12 3:10 p.m.3 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

6.7AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.7 views

PT-2025-50940

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.1AI score0.00216EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/12/12 12:0 a.m.192 views

📄 dotCMS 24.04.24 Vulnerability Scanner

dotCMS version 24.04.24 advanced exploitation python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. ============================================================================================================================================= | Title :...

7.4AI score
Exploits0
OSV
OSV
added 2025/12/10 9:16 p.m.6 views

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 9:16 p.m.8 views

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

4.6CVSS0.00122EPSS
Exploits0References2
Rows per page
Query Builder