CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

EUVD-2026-25693

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

EUVD-2026-19172

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

EUVD-2025-20136

Malicious code in bioql PyPI...

EUVD-2025-20137

Malicious code in bioql PyPI...

EUVD-2024-33919

Malicious code in bioql PyPI...

e-learning 安全特征问题漏洞

e-learning is an exam system for youth-is-as-pale-as-poetry individual developers. A security feature issue vulnerability exists in e-learning version 1.0, which stems from insufficient generation of random values by the encryptSecret function in the JwtUtils.java file in the JWT Token Handler...

CVE-2025-7080

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...

CVE-2025-7079

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebellbackend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...

CVE-2025-7080

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...

Use of Hard-coded Password

Overview Affected versions of this package are vulnerable to Use of Hard-coded Password via the mySecret argument in the JWT Token Handler process. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded secret value in authentication mechanism...

CVE-2025-7079

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebellbackend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...

CVE-2025-7080 Done-0 Jank JWT Token jwt_utils.go hard-coded password

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...

CVE-2025-7080

The CVE affects the Done-0 Jank JWT Token Handler (internal/utils/jwt_utils.go). The issue arises from manipulating the arguments accessSecret and refreshSecret (values jank-blog-secret and jank-blog-refresh-secret), which leads to use of a hard-coded password. Exploitation is possible remotely, ...

CVE-2025-7079 mao888 bluebell-plus JWT Token jwt.go hard-coded password

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebellbackend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...

CVE-2025-7079

The CVE affects mao888 bluebell-plus up to version 2.3.0, specifically the JWT Token Handler in bluebell_backend/pkg/jwt/jwt.go. The issue stems from manipulating the mySecret argument, which leads to a hard-coded password being used. Exploitation can be remote and the attack has high complexity;...

PT-2025-28072 · Unknown · Mao888 Bluebell-Plus

Name of the Vulnerable Software and Affected Versions: mao888 bluebell-plus versions up to 2.3.0 Description: A problematic vulnerability has been found in the JWT Token Handler component, affecting the processing of the file bluebell backend/pkg/jwt/jwt.go. The issue involves the manipulation of...

PT-2025-28073 · Unknown · Done-0 Jank

Name of the Vulnerable Software and Affected Versions: Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 Description: A problematic issue was found in the JWT Token Handler component, specifically in the file internal/utils/jwt utils.go. The manipulation of the accessSecret/refreshSecret...

CVE-2024-11619

A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The...