2 matches found
CVE-2026-45631
Dokploy (PaaS) fixed in 0.29.3 a pre-auth admin takeover vulnerability caused by a hardcoded BETTER_AUTH_SECRET fallback (better-auth-secret-123456789) present from 0.27.0 to before 0.29.3. An unauthenticated attacker could forge email verification JWTs, trigger auto-sign-in as admin, and execute...
Dust: Improper Session Invalidation – Auto Sign-In Without Credentials After Logout (Affects Chrome & Firefox)
The session was not invalidated properly when the user logged out. Revisiting the login page allowed automatic re-authentication without user input, as the session remained active or was improperly restored across multiple browsers...