
16 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-37534

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 7.3 · EPSS 0.00073
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-22510

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.6 · EPSS 0.00025
Exploits 0 · References 1
RedhatCVE
added 2025/07/26 12:22 p.m. · 4 views

CVE-2025-40680

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...

CVSS 6.9 · AI score 6.7 · EPSS 0.00025
Exploits 0 · References 1
CVE
added 2025/07/24 12:14 p.m. · 13 views

CVE-2025-40680

CapillaryScope v2.5.0 (Capillary io) stores proxy credentials and the JWT session token in plain text in Windows registry keys. This exposes sensitive data to any authenticated local user with registry read access, as noted across multiple sources (NVD/Red Hat/CIRCL/CVE records). The root cause i...

CVSS 6.9 · AI score 5.9 · EPSS 0.00025
Exploits 0 · References 1
Positive Technologies
added 2025/07/24 12:0 a.m. · 3 views

PT-2025-30662 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: CapillaryScope version 2.5.0 Description: The software lacks sensitive data encryption, storing proxy credentials and the JWT session token in plain text within Windows registry keys. Any authenticated local user with read access to the...

CVSS 6.9 · AI score 5.8 · EPSS 0.00025
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:2 a.m. · 6 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 7 · EPSS 0.00073
Exploits 0 · References 1
RedhatCVE
added 2025/03/15 5:6 p.m. · 7 views

CVE-2025-2079

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT JSON Web Token sessions...

CVSS 8.7 · AI score 7 · EPSS 0.00196
Exploits 0 · References 1
NVD
added 2025/03/13 5:15 p.m. · 9 views

CVE-2025-2079

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT JSON Web Token sessions...

CVSS 8.7 · EPSS 0.00196
Exploits 0 · References 1
Vulnrichment
added 2025/03/13 4:55 p.m. · 9 views

CVE-2025-2079

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT JSON Web Token sessions...

CVSS 8.7 · AI score 6.5 · EPSS 0.00196
Exploits 0 · References 1
CVE
added 2024/07/19 5:0 a.m. · 90 views

CVE-2024-21583

CWE/CVE: CVE-2024-21583 affects Gitpod components and protocol (e.g., components/server/go/pkg/lib, components/ws-proxy/pkg/proxy, installer/auth/public-api-server/server, and @gitpod/gitpod-protocol; before main-gha.27122) with a Cookie Tossing flaw due to a missing __Host- prefix on the gitpod_...

CVSS 4.1 · AI score 6.8 · EPSS 0.00196
Exploits 0 · References 9
Prion
added 2023/08/04 6:15 p.m. · 23 views

Authentication flaw

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them...

CVSS 7.5 · AI score 9.4 · EPSS 0.00031
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/08/03 1:15 a.m. · 10 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 9.6 · EPSS 0.00073
Exploits 0 · References 2
CVE
added 2023/08/03 12:0 a.m. · 2516 views

CVE-2023-33371

CVE-2023-33371 affects Control ID IDSecure 4.7.26.0 and earlier. The vulnerability arises from a hardcoded cryptographic key used to sign and verify JWT session tokens, enabling an attacker to forge tokens and bypass authentication. Exploitation details are not provided in these documents, but th...

CVSS 9.8 · AI score 9.3 · EPSS 0.00073
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/08/03 12:0 a.m. · 13 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

AI score 9.7 · EPSS 0.00073
Exploits 0 · References 2
Vulnrichment
added 2023/08/03 12:0 a.m. · 11 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

AI score 7 · EPSS 0.00073
Exploits 0 · References 2
Veracode
added 2020/03/27 2:27 a.m. · 29 views

Spoofable User Session

kiali uses spoofable user session. The attack is possible due to Insufficient JWT Session Expiration validation, leading to Session Fixation and privilege escalation...

CVSS 8.6 · AI score 3 · EPSS 0.00582
Exploits 0 · References 5 · Affected Software 2