
25 matches found

CNVD
added 2026/05/07 12:0 a.m. | 6 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19618)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the derivation of a loopback MCP owner context from a server-issued bearer token that can be spoofed in the request header, which can be exploited by an attacke...

8.5 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 0
EUVD
added 2026/04/16 12:54 a.m. | 0 views

EUVD-2026-23136

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

9.8 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/15 12:0 a.m. | 2 views

PT-2026-33185

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

9.8 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-23706

Malware in sbrugna...

8.2 CVSS | 8.1 AI score | 0.00222 EPSS
Exploits: 1 | References: 4
OSV
added 2025/08/04 5:15 p.m. | 1 views

CVE-2025-44963

RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...

8.1 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 4:5 a.m. | 10 views

CVE-2023-47117

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5 CVSS | 6.6 AI score | 0.70644 EPSS
Exploits: 3
RedhatCVE
added 2025/05/22 5:36 p.m. | 4 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

8.2 CVSS | 6.8 AI score | 0.00222 EPSS
Exploits: 1
Cvelist
added 2025/04/15 7:14 p.m. | 21 views

CVE-2025-30206 Dpanel's hard-coded JWT secret leads to remote code execution

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

9.8 CVSS | 0.00058 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2024/12/02 12:0 a.m. | 2 views

PT-2024-35960

Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.5.7 through 3.5.8 Description: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, archived workflows can be retrieved with ...

8.1 CVSS | 7.4 AI score | 0.39569 EPSS
Exploits: 3 | References: 35
VulnCheck KEV
added 2023/11/16 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2023-29357

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator...

9.8 CVSS | 7.4 AI score | 0.94356 EPSS
Exploits: 10 | References: 1
CNNVD
added 2023/07/01 12:0 a.m. | 2 views

Western Digital My Cloud OS security vulnerability

Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud OS 5 prior to version 5.26.202, which stems from an authentication bypass via spoofing issue discovered in the token-based authentication mechanism that...

10 CVSS | 8.3 AI score | 0.00086 EPSS
Exploits: 0 | References: 2
F5 Networks
added 2023/02/21 7:38 p.m. | 9 views

K11797: Pre-logon sequence vulnerability to token spoofing

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

6.7 AI score
Exploits: 0
CNNVD
added 2022/11/23 12:0 a.m. | 2 views

AVEVA Edge security vulnerability

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from the UK-based Jianwei Software AVEVA. An information disclosure vulnerability exists in AVEVA Edge version 2020 R2, which can be exploited by an attacker to obtain account information for accessing external DB resource...

7.5 CVSS | 6.1 AI score | 0.00216 EPSS
Exploits: 0 | References: 4
Microsoft CVE
added 2022/09/29 7:0 a.m. | 2 views

Python-jwt subject to Authentication Bypass by Spoofing

...

9.1 CVSS | 9.2 AI score | 0.63957 EPSS
Exploits: 2
NVD
added 2021/05/07 11:15 a.m. | 9 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

8.2 CVSS | 0.00222 EPSS
Exploits: 1 | References: 3
OSV
added 2021/05/07 11:15 a.m. | 0 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

8.2 CVSS | 7.2 AI score
Exploits: 0 | References: 3
ATTACKERKB
added 2021/05/07 11:15 a.m. | 1 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

8.2 CVSS | 5.4 AI score | 0.00222 EPSS
Exploits: 1 | References: 4
Prion
added 2021/05/07 11:15 a.m. | 8 views

Spoofing

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

6.4 CVSS | 8 AI score | 0.00222 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2021/05/07 10:34 a.m. | 10 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

8.1 AI score | 0.00222 EPSS
Exploits: 1 | References: 3
CVE
added 2021/05/07 10:34 a.m. | 36 views

CVE-2020-36128

CVE-2020-36128 affects Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier. The vulnerability stems from token impersonation: each terminal uses an X-Terminal-Token to access the marketplace, and an attacker can intercept HTTPS requests to obtain the token assignment and craft a token to im...

8.2 CVSS | 8 AI score | 0.00222 EPSS
Exploits: 1 | References: 3 | Affected Software: 1