CVE-2022-36672
CVE-2022-36672 affects Novel-Plus (v3.6.2) where a hard-coded JWT key is located in the project config file, enabling attackers to create custom user sessions. The NVD entry cites a critical impact (CVSS 3.1: 9.8; NETWORK, LOW complexity, NONE privileges required, with HIGH confidentiality, integ...