40 matches found
GHSA-3PV8-6F4R-FFG2 vulnerabilities
Vulnerabilities for packages: wasm-pack, litmus, cleave, cargo-c, sccache, qdrant, rustup, zizmor, rye, deno, buck2, wasmcloud...
CVE-2025-14261
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...
EUVD-2025-201794
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...
CVE-2025-14261
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...
CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...
CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...
CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...
LitmusChaos 安全特征问题漏洞
LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. LitmusChaos suffers from a Security Feature Issue vulnerability that stems from a JWT signing key that is too short, which could lead to authentication bypass...
PT-2025-49585
Name of the Vulnerable Software and Affected Versions Litmus Platform affected versions not specified Description The Litmus platform utilizes JWT for authentication and authorization; however, the JWT signing secret key is only 6 bytes in length, making it susceptible to cracking. This allows fo...
EUVD-2025-24075
Malicious code in bioql PyPI...
EUVD-2025-27552
Malicious code in bioql PyPI...
CVE-2025-56405
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...
CVE-2025-56405
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...
CVE-2025-56405
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...
Litmus MCP Server 安全漏洞
Litmus MCP Server is a Litmus open source MCP server for configuring Litmus instances. A security vulnerability exists in Litmus MCP Server version 0.0.1 and earlier, which originates from the possibility that an unauthorized attacker could take control of the target MCP service...
PT-2025-37050
Name of the Vulnerable Software and Affected Versions: litmusautomation litmus-mcp-server versions through 0.0.1 Description: An issue allows unauthorized attackers to control the target's MCP service through the SSE Server-Sent Events protocol. Recommendations: At the moment, there is no...
CVE-2025-56405
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...
CVE-2025-56405
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...
CVE-2025-56405
The CVE-2025-56405 entry concerns litmusautomation litmus-mcp-server up to version 0.0.1, where an issue allows unauthorized attackers to control the target MCP service via the SSE protocol. The NVD/SCA records indicate CVSSv3.1 base score 7.5 (High) with NETWORK attack vector, LOW attack complex...
CVE-2025-8796
A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/deleteproject/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack...