52 matches found
EUVD-2023-1028
Malicious code in bioql PyPI...
EUVD-2023-1142
Malicious code in bioql PyPI...
EUVD-2023-1004
Malicious code in bioql PyPI...
EUVD-2025-25521
Malicious code in bioql PyPI...
CVE-2025-51606
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
cn.hippo4j:hippo4j-adapter-web (>=1.4.0 <=1.5.0), cn.hippo4j:hippo4j-config-spring-boot-1x-starter (>=1.4.2 <=1.5.0) +22 more potentially affected by CVE-2025-51606 via cn.hippo4j:hippo4j-core (>=1.1.0-RC1 <=1.5.0)
cn.hippo4j:hippo4j-core MAVEN version =1.1.0-RC1, =1.4.0, =1.4.2, =1.4.0, =1.1.0, =1.4.3, =1.4.0, =1.4.1, =1.4.0, =1.4.1, =1.4.0, =1.4.1, =1.4.0, =1.1.0, =1.4.0, =1.4.1, =1.5.0 and more Source cves: CVE-2025-51606 Source advisory: OSV:GHSA-48CG-9C55-J2Q7...
hippo4j Includes Hard Coded Secret Key in JWT Creation
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
GHSA-48CG-9C55-J2Q7 hippo4j Includes Hard Coded Secret Key in JWT Creation
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
CVE-2025-51606
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
CVE-2025-51606
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
CVE-2025-51606
CVE-2025-51606 affects hippo4j versions 1.0.0 through 1.5.0. The root cause is a hard-coded secret key used during JWT creation, enabling an attacker with access to source code or binaries to forge valid tokens and impersonate any user, including privileged ones like admin. The NVD metrics assign...
hippo4j 安全漏洞
hippo4j is an asynchronous thread pooling framework from opengoofy open source. A security vulnerability exists in hippo4j versions 1.0.0 through 1.5.0, which stems from the use of hard-coded keys in JWT creation, which could lead to the forgery of valid access tokens...
CVE-2025-51606
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
PT-2025-34299 · Hippo4J · Hippo4J
Name of the Vulnerable Software and Affected Versions: hippo4j versions 1.0.0 through 1.5.0 Description: hippo4j uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate an...
hippo4j Includes Hard Coded Secret Key in JWT Creation
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
CVE-2023-27096
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...
CVE-2023-27094
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
GHSA-H855-6HPH-V363 Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...