105 matches found
CVE-2025-7079
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...
CVE-2025-7080
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
Use of Hard-coded Password
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Password via the mySecret argument in the JWT Token Handler process. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded secret value in authentication mechanism...
CVE-2025-7080
The CVE affects the Done-0 Jank JWT Token Handler (internal/utils/jwt_utils.go). The issue arises from manipulating the arguments accessSecret and refreshSecret (values jank-blog-secret and jank-blog-refresh-secret), which leads to use of a hard-coded password. Exploitation is possible remotely, ...
CVE-2025-7080 Done-0 Jank JWT Token jwt_utils.go hard-coded password
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
CVE-2025-7079 mao888 bluebell-plus JWT Token jwt.go hard-coded password
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...
CVE-2025-7079
The CVE affects mao888 bluebell-plus up to version 2.3.0, specifically the JWT Token Handler in bluebell_backend/pkg/jwt/jwt.go. The issue stems from manipulating the mySecret argument, which leads to a hard-coded password being used. Exploitation can be remote and the attack has high complexity;...
PT-2025-28072 · Unknown · Mao888 Bluebell-Plus
Name of the Vulnerable Software and Affected Versions: mao888 bluebell-plus versions up to 2.3.0
Description: A problematic vulnerability has been found in the JWT Token Handler component, affecting the processing of the file bluebell_backend/pkg/jwt/jwt.go. The issue involves the manipulation of...
PT-2025-28073 · Unknown · Done-0 Jank
Name of the Vulnerable Software and Affected Versions: Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17
Description: A problematic issue was found in the JWT Token Handler component, specifically in the file internal/utils/jwt_utils.go. The manipulation of the accessSecret/refreshSecret...
CVE-2025-5409
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the...
CVE-2025-5409 Mist Community Edition API Token views.py create_token access control
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the...
CVE-2025-5409
Mist Community Edition up to 4.7.1 contains a vulnerability in the API Token Handler’s create_token function (src/mist/api/auth/views.py) that enables improper access controls. The issue allows remote initiation of an attack and has publicly disclosed exploits. Upgrading to version 4.7.2 addresse...
PT-2025-23436 · Unknown · Mist Community Edition
Name of the Vulnerable Software and Affected Versions: Mist Community Edition versions up to 4.7.1
Description: A critical issue has been found, affecting the create_token function of the API Token Handler component. This leads to improper access controls, allowing remote attacks. The issue has...
CVE-2024-11619
A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The...
CVE-2020-36533
A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely...
CVE-2014-125057
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument token leads to incorrect comparison. It is possible to initiate the attack...
A vulnerability in the OAuth2 Token Handler component of the Red Hat Ansible Automation Platform allows an attacker to escalate their privileges.
The vulnerability in the OAuth2 Token Handler component of the Red Hat Ansible Automation Platform is related to access control errors. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
A vulnerability in the Session Token Handler component of GitLab, the Git-based software platform for collaborative code development, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Session Token Handler component of GitLab, the Git-based software platform for collaborative code development, is related to context switching errors during privilege handling. Exploiting this vulnerability can allow an attacker, operating...