416 matches found
Security Bulletin: A vulnerability in the golang-jwt package affects IBM DB2 Big SQL on Cloud Pak for Data
Summary A vulnerability in the golang-jwt 4.5 package affects IBM DB2 Big SQL 7.8.0 on Cloud Pak for Data 5.1 and earlier Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2,...
Fleet data falsification vulnerability
Fleet is an open-source device management platform that supports various operating systems and devices. It helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. It’s free and flexible. Fleet has a data falsification vulnerability, which stems from...
CVE-2025-36418
IBM ApplinX 11.1 is affected by CVE-2025-36418, a privilege-escalation issue caused by improper verification of JWT tokens. This could allow an attacker to craft or modify a JSON Web Token to impersonate another user or elevate privileges. The Red Hat/others mirrors and IBM bulletin confirm the v...
PT-2026-3750
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description A critical authentication issue exists in Fleet Devi...
CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...
CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...
Use of a Broken or Risky Cryptographic Algorithm
Overview beatt83/jose-swift is a comprehensive support for the Jose suite of standards, including JWA JSON Web Algorithms, JWK JSON Web Key, JWE JSON Web Encryption, JWS JSON Web Signature, and JWT JSON Web Token. Affected versions of this package are vulnerable to Use of a Broken or Risky...
EUVD-2025-206136
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...
CVE-2025-47411
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...
CVE-2025-47411
CVE-2025-47411 affects Apache StreamPipes up to version 0.97.0. A non-administrator user can exploit a flaw in the user ID creation mechanism to swap a real user’s username with an administrator’s, enabling privilege escalation by manipulating JWT tokens. Reported impact includes administrative c...
EUVD-2026-0016
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...
[SECURITY] Fedora 43 Update: golang-github-jwt-5-5.2.1-6.fc43
A Go implementation of JSON Web Tokens...
CVE-2025-54981
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-53960
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
GHSA-749J-2HP6-8CXM Apache StreamPark uses a Weak Encryption Algorithm
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
PT-2025-50940
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
📄 dotCMS 24.04.24 Vulnerability Scanner
dotCMS version 24.04.24 advanced exploitation python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. ============================================================================================================================================= | Title :...
CVE-2025-65832
The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...
CVE-2025-65832
The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...