201 matches found
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56749
The CVE-2025-56749 issue affects Creativeitem Academy LMS up to version 6.14, where a hardcoded default JWT secret allows forging valid tokens, enabling authentication bypass and unauthorized access to user accounts. Multiple connected sources corroborate the vulnerability across NVD, Red Hat, EN...
EUVD-2017-16550
Malware in sbrugna...
EUVD-2018-5755
Malware in sbrugna...
EUVD-2022-3880
Malicious code in bioql PyPI...
EUVD-2024-54777
Malicious code in bioql PyPI...
EUVD-2025-14597
Malicious code in bioql PyPI...
EUVD-2025-23514
Malicious code in bioql PyPI...
EUVD-2022-0108
Malicious code in bioql PyPI...
EUVD-2025-12378
Malicious code in bioql PyPI...
CVE-2025-54807
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...
CVE-2025-54807
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...
PT-2025-34744
Name of the Vulnerable Software and Affected Versions: egOS WebGUI affected versions not specified Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass...
CVE-2025-51606
CVE-2025-51606 affects hippo4j versions 1.0.0 through 1.5.0. The root cause is a hard-coded secret key used during JWT creation, enabling an attacker with access to source code or binaries to forge valid tokens and impersonate any user, including privileged ones like admin. The NVD metrics assign...
CVE-2025-44963
RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...
CVE-2025-44963
RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...
CVE-2025-44963
RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...
CVE-2024-38648
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...
CVE-2024-38648
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...
CVE-2024-38648
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...