Lucene search
+L

6 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5567 Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery in github.com/enchant97/note-mark/backend

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery in github.com/enchant97/note-mark/backend...

10CVSS5.8AI score0.00124EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 6:42 p.m.28 views

CVE-2026-44523

CVE-2026-44523 affects Note Mark, with all versions before 0.19.4 vulnerable to a JWT secret weakness. The root cause is that the JWT secret is not validated for minimum length or entropy; the application accepts any base64-decodable secret, even as short as 1 byte. In backend/config/utils.go, Ba...

10CVSS5.8AI score0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:42 p.m.9 views

CVE-2026-44523 Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

10CVSS5.8AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:42 p.m.38 views

CVE-2026-44523 Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

10CVSS0.00124EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:42 p.m.4 views

CVE-2026-44523 Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

10CVSS6AI score0.00124EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003697 advisory. The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto...

5.3CVSS6.7AI score0.02605EPSS
Exploits0References8
Rows per page
Query Builder