37 matches found
CVE-2023-43305
An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
CVE-2023-53951 Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...
EUVD-2021-26361
Malware in sbrugna...
EUVD-2018-20685
Malware in sbrugna...
EUVD-2019-0420
Malware in sbrugna...
EUVD-2011-3626
Malware in sbrugna...
EUVD-2021-26292
Malware in sbrugna...
EUVD-2022-29672
Malicious code in bioql PyPI...
EUVD-2021-6855
Malicious code in bioql PyPI...
EUVD-2023-33676
Malicious code in bioql PyPI...
EUVD-2022-1473
Malicious code in bioql PyPI...
EUVD-2024-0341
Malicious code in bioql PyPI...
CVE-2024-6087
An improper access control vulnerability exists in lunary-ai/lunary at the latest commit a761d83 on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target user...
CVE-2023-48127
An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
CVE-2023-33236
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs...
CVE-2021-3169
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...
CVE-2021-32958
Successful exploitation of this vulnerability on Claroty Secure Remote Access SRA Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface UI. With acces...
CVE-2021-34273
A security flaw in the 'owned' function of a smart contract implementation for BTC2X B2X, a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets...
CVE-2020-12432
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...
CVE-2018-1000125
inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack...