8 matches found

Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33360 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0
Description: A vulnerability exists in linlinjava litemall up to version 1.8.0, specifically within the JSON Web Token Handler component, located in the file...

6.3 CVSS · 4 AI score · 0.00888 EPSS
Exploits 1 · References 8
OSV
added 2025/07/28 7:57 p.m. · 1 views

GO-2025-3812 File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser

9.8 CVSS · 6.1 AI score · 0.0059 EPSS
Exploits 1 · References 3
Cvelist
added 2025/07/15 6:12 p.m. · 5 views

CVE-2025-53826 FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...

8.7 CVSS · 0.0059 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/07/15 6:12 p.m. · 3 views

CVE-2025-53826 FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...

8.7 CVSS · 6.7 AI score · 0.0059 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/02/05 5:4 a.m. · 6 views

CVE-2024-10125

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET...

7.5 CVSS · 7.6 AI score · 0.00336 EPSS
Exploits 0 · References 1
Cvelist
added 2024/10/21 11:25 p.m. · 22 views

CVE-2024-10125 Lack of JWT issuer and signer validation

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET...

7.5 CVSS · 0.00336 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/02/09 12:0 a.m. · 3 views

PT-2024-40234 · Unknown +1 · Vng-Api-Common +1

Name of the Vulnerable Software and Affected Versions: vng-api-common versions prior to 1.12.2
Description: This issue is related to a privilege escalation vulnerability, although its impact is negligible and entirely theoretical. It involves the verification of client-supplied JSON Web Tokens JW...

7.4 AI score
Exploits 0 · References 3
Cvelist
added 2021/08/30 11:0 p.m. · 15 views

CVE-2021-39177 User impersonation due to incorrect handling of the login JWT

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch f...

7.4 CVSS · 9.7 AI score · 0.00352 EPSS
Exploits 0 · References 3