88 matches found
EUVD-2018-5670
Malware in sbrugna...
EUVD-2018-5689
Malware in sbrugna...
EUVD-2015-1936
Malware in sbrugna...
EUVD-2020-18797
Malware in sbrugna...
EUVD-2017-14355
Malware in sbrugna...
EUVD-2020-20995
Malware in sbrugna...
EUVD-2018-8306
Malware in sbrugna...
EUVD-2022-4363
Malicious code in bioql PyPI...
EUVD-2025-19409
Malicious code in bioql PyPI...
EUVD-2023-2662
Malicious code in bioql PyPI...
EUVD-2023-26778
Malicious code in bioql PyPI...
EUVD-2023-1961
Malicious code in bioql PyPI...
EUVD-2025-21169
Malicious code in bioql PyPI...
Domino Effect: How One Vendor's AI App Breach Toppled Giants
A single AI chatbot breach at Salesloft-Drift exposed data from 700+ companies, including security leaders. The attack shows how AI integrations expand risk, and why controls like IP allow-listing, token security, and monitoring are critical...
CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values
A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...
PT-2025-38404
Name of the Vulnerable Software and Affected Versions youth-is-as-pale-as-poetry e-learning version 1.0 Description A vulnerability exists due to insufficiently random values generated by the encryptSecret function within the JWT Token Handler component. The vulnerable file is...
CVE-2025-36011 IBM Jazz for Service Management information disclosure
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-53940
CVE-2025-53940 affects Quiet, an open-source p2p chat alternative. Vulnerable in Quiet 6.1.0-alpha.4 and earlier due to an insecure, non-constant-time token verification comparison in the backend/frontend API, enabling a timing attack to guess the token character by character. The issue is resolv...
Building a Robust OAuth Token Based API Security: a High Level Overview
APIs Application Programming Interfaces or Web Services are the foundational building blocks that enable interconnected systems. However this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization...
GHSA-7XWP-2CPP-P8R7 File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...