Lucene search
+L

74 matches found

RedhatCVE
RedhatCVE
added 2025/10/16 12:40 a.m.15 views

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...

9.4CVSS7AI score0.00445EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/15 12:0 a.m.3 views

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...

6.7AI score0.00445EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-2783

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00265EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-29358

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00652EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.9 views

WordPress plugin BeyondCart Connector 信任管理问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A trust management issue...

9.8CVSS6.7AI score0.00596EPSS
Exploits1References2
Gitee
Gitee
added 2025/09/06 2:53 p.m.95 views

sudo_inject

Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...

7.6AI score
Exploits0
NVD
NVD
added 2025/08/26 6:15 a.m.23 views

CVE-2025-41702

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...

9.8CVSS0.00491EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/26 6:10 a.m.5 views

CVE-2025-41702 egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...

9.8CVSS7.4AI score0.00491EPSS
Exploits0References1
CVE
CVE
added 2025/08/21 12:0 a.m.35 views

CVE-2025-51606

CVE-2025-51606 affects hippo4j versions 1.0.0 through 1.5.0. The root cause is a hard-coded secret key used during JWT creation, enabling an attacker with access to source code or binaries to forge valid tokens and impersonate any user, including privileged ones like admin. The NVD metrics assign...

8.8CVSS7.5AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.6 views

WAGO Device Sphere 安全漏洞

WAGO Device Sphere is a device management system from WAGO Germany. A security vulnerability exists in WAGO Device Sphere, which can be exploited by a remote, unauthenticated attacker to generate a JWT token using default certificates to gain full access...

10CVSS7AI score0.00346EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/04/24 3:24 a.m.3 views

SUSE CVE-2025-30206

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

9.8CVSS7.3AI score0.00805EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.7 views

PT-2025-1985 · Algo Edge · Algo Edge

Name of the Vulnerable Software and Affected Versions: Algo Edge versions up to 2.1.1 Description: A vulnerability exists in the authentication mechanism of Algo Edge, which could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authenticati...

6.1CVSS7.1AI score0.00124EPSS
Exploits0References6
OSV
OSV
added 2024/10/16 9:15 a.m.1 views

CVE-2023-32188

A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...

9.4CVSS5.8AI score0.00461EPSS
Exploits0References2
OSV
OSV
added 2024/08/13 7:15 p.m.4 views

CVE-2024-7570

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...

8.1CVSS7.5AI score0.01639EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.10 views

PT-2024-2477

Name of the Vulnerable Software and Affected Versions datahub-helm versions 0.1.143 through 0.2.181 Description The issue is related to the use of a default cryptographic key in the helm chart for deploying Datahub in a Kubernetes cluster. If there was a successful initial deployment during a...

9.4CVSS6.7AI score0.00605EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2024/01/13 2:15 a.m.3 views

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.6 views

PT-2023-7880 · Kaifa Technology · Webitr

Name of the Vulnerable Software and Affected Versions: Kaifa Technology WebITR affected versions not specified Description: The issue is related to the use of a hard-coded encryption key in the WebITR online attendance system. This allows an unauthenticated remote attacker to generate a valid tok...

9.8CVSS7.4AI score0.0057EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2023/07/21 3:14 p.m.56 views

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account MSA consumer signing key used to forge Azure Active...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/21 12:0 a.m.8 views

PT-2023-18600 · Suse · Suse Manager Server Module +1

Name of the Vulnerable Software and Affected Versions: SUSE Manager Server Module 4.2 versions prior to 4.2.50-150300.3.66.5 SUSE Manager Server Module 4.3 versions prior to 4.3.58-150400.3.46.4 NeuVector affected versions not specified Description: A user can reverse engineer the JSON Web Token...

9.9CVSS7.1AI score0.97781EPSS
Exploits24References399
SUSE CVE
SUSE CVE
added 2023/03/31 1:57 a.m.3 views

SUSE CVE-2023-22644

A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...

5.5CVSS9.4AI score0.00452EPSS
Exploits0References18
Rows per page
Query Builder