Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
๐Ÿ”ฅ Daily Hot!
๐Ÿ’ช๐Ÿฝ CPE Enhanced Advisories
๐Ÿ•ถ Shadow Exploits
๐Ÿ•ต๐Ÿผ Vulners CPE
๐Ÿ” Security news
๐Ÿ’ป Exploit updates
๐Ÿ“‘ Blogs review
๐Ÿง Linux vulnerabilities
๐Ÿž Bugbounty
๐Ÿค– AI High Score
๐Ÿ“ฐ CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEโ€ขadded 2025/05/22 11:2 p.m.โ€ข7 views

CVE-2022-35540

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

9.8CVSS7.1AI score0.00557EPSS
Exploits0References1
Veracode
Veracodeโ€ขadded 2025/04/23 3:39 p.m.โ€ข7 views

Authentication Bypass

Dpanel is vulnerable to Authentication Bypass. The vulnerability is due to use of a hardcoded JWT secret due to the default configuration embedding a static secret, allowing attackers to forge valid tokens and gain unauthorized administrative access...

9.8CVSS6.8AI score0.00058EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEโ€ขadded 2025/04/17 8:14 p.m.โ€ข19 views

CVE-2025-30206

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

9.8CVSS7.2AI score0.00058EPSS
Exploits0References1
Github Security Blog
Github Security Blogโ€ขadded 2025/04/15 2:17 p.m.โ€ข15 views

Dpanel's hard-coded JWT secret leads to remote code execution

Summary The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. Details The Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly...

9.8CVSS7.6AI score0.00058EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesโ€ขadded 2025/04/15 12:0 a.m.โ€ข4 views

PT-2025-16384

Name of the Vulnerable Software and Affected Versions Dpanel versions prior to 1.6.1 Description The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw enables attackers t...

9.9CVSS5.7AI score0.00322EPSS
Exploits1References39
Cvelist
Cvelistโ€ขadded 2024/03/13 6:18 p.m.โ€ข25 views

CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

9.1CVSS9.4AI score0.0022EPSS
Exploits1References1
CVE
CVEโ€ขadded 2022/08/18 10:17 p.m.โ€ข463 views

CVE-2022-35540

CVE-2022-35540 concerns AgileConfig prior to 1.6.8 where a hard-coded JWT secret in the server enables remote attackers to forge a token and gain administrator access. The issue, documented across multiple sources (Red Hat, GHSA, OSV, NVD), attributes the root cause to an inline secret, allowing ...

9.8CVSS9.5AI score0.00557EPSS
Exploits0References1Affected Software1
OSV
OSVโ€ขadded 2021/09/03 2:15 a.m.โ€ข16 views

PYSEC-2021-342

A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system...

10CVSS4.5AI score0.0026EPSS
Exploits0References2
Rows per page
Query Builder