CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2025/05/22 11:2 p.m.•7 views

CVE-2022-35540

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

9.8CVSS7.1AI score0.00557EPSS

Exploits0References1

Veracode•added 2025/04/23 3:39 p.m.•7 views

Authentication Bypass

Dpanel is vulnerable to Authentication Bypass. The vulnerability is due to use of a hardcoded JWT secret due to the default configuration embedding a static secret, allowing attackers to forge valid tokens and gain unauthorized administrative access...

9.8CVSS6.8AI score0.00058EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2025/04/17 8:14 p.m.•18 views

CVE-2025-30206

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

9.8CVSS7.2AI score0.00058EPSS

Exploits0References1

Github Security Blog•added 2025/04/15 2:17 p.m.•15 views

Dpanel's hard-coded JWT secret leads to remote code execution

Summary The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. Details The Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly...

9.8CVSS7.6AI score0.00058EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2025/04/15 12:0 a.m.•4 views

PT-2025-16384

Name of the Vulnerable Software and Affected Versions Dpanel versions prior to 1.6.1 Description The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw enables attackers t...

9.9CVSS5.7AI score0.00322EPSS

Exploits1References39

Cvelist•added 2024/03/13 6:18 p.m.•24 views

CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

9.1CVSS9.4AI score0.0022EPSS

Exploits1References1

CVE•added 2022/08/18 10:17 p.m.•463 views

CVE-2022-35540

CVE-2022-35540 concerns AgileConfig prior to 1.6.8 where a hard-coded JWT secret in the server enables remote attackers to forge a token and gain administrator access. The issue, documented across multiple sources (Red Hat, GHSA, OSV, NVD), attributes the root cause to an inline secret, allowing ...

9.8CVSS9.5AI score0.00557EPSS

Exploits0References1Affected Software1

OSV•added 2022/05/24 7:13 p.m.•13 views

GHSA-P4XH-4869-8VRG AdaptiveScale LXDUI Hardcoded JWT Secret Key

A Hardcoded JWT Secret Key in metadata.py metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system...

9.8CVSS9.5AI score0.0026EPSS

Exploits0References5