Lucene search
K

420 matches found

Packet Storm
Packet Storm
added 2025/12/12 12:0 a.m.196 views

📄 dotCMS 24.04.24 Vulnerability Scanner

dotCMS version 24.04.24 advanced exploitation python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. ============================================================================================================================================= | Title :...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.8 views

PT-2025-50940

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.1AI score0.00216EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 9:16 p.m.8 views

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

4.6CVSS0.00122EPSS
Exploits0References2
OSV
OSV
added 2025/12/10 9:16 p.m.7 views

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.3 views

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

5.9AI score0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 12:0 a.m.3 views

CVE-2025-65730

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...

6.5AI score0.00495EPSS
Exploits1References9
Snyk
Snyk
added 2025/12/02 7:43 p.m.3 views

Use of Hard-coded Cryptographic Key

Overview arcade-mcp is an Arcade.dev - Tool Calling platform for Agents Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key via the HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. An...

6.9CVSS6.9AI score0.00281EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/02 6:23 p.m.8 views

CVE-2025-66454 Arcade MCP Default Hardcoded Worker Secret Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints

Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can...

6.5CVSS0.00281EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/25 8:37 p.m.7 views

CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS6.8AI score0.00329EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.10 views

CVE-2025-56643

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

9.1CVSS7AI score0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 4:29 a.m.4 views

EUVD-2025-114385

Malicious code in dotenv-parse-variables-jwt-soap-metalsmith npm...

6.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/11/04 8:51 a.m.3 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/25 1:45 a.m.11 views

CVE-2025-11760 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

5.3CVSS0.00287EPSS
Exploits0References3
Veracode
Veracode
added 2025/10/22 3:44 a.m.8 views

Improper Access Control

flaskappbuilder is vulnerable to improper access control. The vulnerability is due to the password reset endpoint remaining accessible when using OAuth, LDAP, or other non-database authentication methods, which allows an attacker to reset passwords and create valid JWT tokens even for disabled us...

6.5CVSS7.3AI score0.00376EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/18 3:41 a.m.4 views

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

9.9CVSS7.1AI score0.00658EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.7 views

CVE-2025-3930

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS6.8AI score0.00641EPSS
Exploits0References1
NVD
NVD
added 2025/10/17 4:16 a.m.3 views

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

9.9CVSS0.00658EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/17 3:19 a.m.3 views

EUVD-2025-34856

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

9.9CVSS6.7AI score0.00658EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/17 3:19 a.m.3 views

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens JWT used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid...

9.9CVSS6.8AI score0.00658EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/17 12:0 a.m.3 views

PT-2025-42580

Name of the Vulnerable Software and Affected Versions Moxa network security appliances and routers affected versions not specified Description A security issue exists in Moxa’s network security appliances and routers related to the use of hard-coded credentials. The system uses a hard-coded secre...

10CVSS6.3AI score0.00658EPSS
Exploits0References22
Rows per page
Query Builder