Lucene search

52300 matches found

Github Security Blog
added 2025/12/27 3:30 p.m. | 3 views

SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is...

CVSS 8.1 | AI score 4.3 | EPSS 0.00014
Exploits: 1 | References: 8 | Affected Software: 1
EUVD
added 2025/12/27 3:30 p.m. | 2 views

EUVD-2025-205475

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is...

CVSS 6.3 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 6
Snyk
added 2025/12/27 1:39 p.m. | 2 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key via the JWTSecretKey argument in the JWT Secret Handler. An attacker can gain unauthorized access to sensitive information by exploiting the use of a hard-coded cryptographic key in remote requests...

CVSS 8.1 | AI score 4.6 | EPSS 0.00014
Exploits: 1 | References: 2
CVE
added 2025/12/27 12:32 p.m. | 13 views

CVE-2025-15107

CVE-2025-15107 affects actiontech sqle up to 4.2511.0, specifically the JWT Secret Handler in sqle/utils/jwt.go. The vulnerability arises from the manipulation of the argument JWTSecretKey, leading to use of a hard-coded cryptographic key. Reported as remotely exploitable with high attack complex...

CVSS 8.1 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/12/27 12:32 p.m. | 3 views

CVE-2025-15107 actiontech sqle JWT Secret jwt.go hard-coded key

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is...

CVSS 6.3 | AI score 4.2 | EPSS 0.00014
Exploits: 1 | References: 5
GithubExploit
added 2025/12/27 4:24 a.m. | 225 views

Exploit for Improper Verification of Cryptographic Signature in Fortinet Fortiproxy

CVEs: CVE-2025-59718 / CVE-2025-59719 Fortinet Poc Herramient...

CVSS 9.8 | AI score 8.1 | EPSS 0.12067
Exploits: 1
Positive Technologies
added 2025/12/27 12:0 a.m. | 2 views

PT-2025-53624

Name of the Vulnerable Software and Affected Versions PandaXGO PandaX versions prior to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 Description A security issue exists in PandaXGO PandaX related to the JWT Secret Handler component. The issue involves the manipulation of the key argument within the...

CVSS 6.3 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 9
Positive Technologies
added 2025/12/27 12:0 a.m. | 4 views

PT-2025-53619

Name of the Vulnerable Software and Affected Versions actiontech sqle versions up to 4.2511.0 Description A security issue has been identified in actiontech sqle. The issue resides in an unknown function within the sqle/utils/jwt.go file of the JWT Secret Handler component. Manipulation of the...

CVSS 8.1 | AI score 6.1 | EPSS 0.00014
Exploits: 1 | References: 12
Vulnrichment
added 2025/12/24 7:27 p.m. | 2 views

CVE-2018-25128 SOCA Access Control System 180612 SQL Injection and Authentication Bypass

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by...

CVSS 9.3 | AI score 7.9 | EPSS 0.00081
Exploits: 1 | References: 3
Cvelist
added 2025/12/24 7:27 p.m. | 41 views

CVE-2018-25128 SOCA Access Control System 180612 SQL Injection and Authentication Bypass

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by...

CVSS 9.3 | EPSS 0.00081
Exploits: 1 | References: 3
CVE
added 2025/12/24 7:27 p.m. | 14 views

CVE-2018-25128

The CVE-2018-25128 entry concerns the SOCA Access Control System 180612, where unvalidated POST parameters enable multiple SQL injection flaws in Login.php and Card_Edit_GetJson.php. The root cause is injection into queries, allowing attackers to bypass authentication, retrieve password hashes, a...

CVSS 9.3 | AI score 7.9 | EPSS 0.00081
Exploits: 1 | References: 3
NVD
added 2025/12/23 11:15 p.m. | 8 views

CVE-2025-68665

LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON method and subsequently when string-ifying objects using...

CVSS 9.1 | EPSS 0.00072
Exploits: 0 | References: 4
Cvelist
added 2025/12/23 10:56 p.m. | 27 views

CVE-2025-68665 LangChain serialization injection vulnerability enables secret extraction

LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON method and subsequently when string-ifying objects using...

CVSS 8.6 | EPSS 0.00072
Exploits: 0 | References: 4
Github Security Blog
added 2025/12/23 8:8 p.m. | 12 views

LangChain serialization injection vulnerability enables secret extraction

Context A serialization injection vulnerability exists in LangChain JS's toJSON method and subsequently when string-ifying objects using JSON.stringify. The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark...

CVSS 9.1 | AI score 7.3 | EPSS 0.00072
Exploits: 0 | References: 6 | Affected Software: 2
OSV
added 2025/12/23 11:44 a.m. | 3 views

BIT-NIFI-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

CVSS 8.8 | AI score 6.3 | EPSS 0.00149
Exploits: 0 | References: 3
OSV
added 2025/12/23 8:17 a.m. | 2 views

MAL-2025-192807 Malicious code in json-panels (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14bb299cb1e56d4f7b4d57f302ae1b026008c1774c15d82f34339ce9aca711da The package json-panels was found to contain malicious code...

AI score 6.8
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/12/23 8:17 a.m. | 4 views

Malicious code in json-panels (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14bb299cb1e56d4f7b4d57f302ae1b026008c1774c15d82f34339ce9aca711da The package json-panels was found to contain malicious code...

AI score 7
Exploits: 0 | References: 3
EUVD
added 2025/12/23 7:59 a.m. | 4 views

EUVD-2025-204942

Malicious code in assert-json-not npm...

AI score 6.6
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/12/23 7:59 a.m. | 5 views

Malicious code in assert-json-not (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad56c36eacf8881039723de4379e14983280b611dba15585274909b1a3c1b326 The package assert-json-not was found to contain malicious code...

AI score 7
Exploits: 0 | References: 3
OSV
added 2025/12/23 7:59 a.m. | 2 views

MAL-2025-192711 Malicious code in assert-json-not (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad56c36eacf8881039723de4379e14983280b611dba15585274909b1a3c1b326 The package assert-json-not was found to contain malicious code...

AI score 6.8
Exploits: 0 | References: 3