
11 matches found

CNNVD
added 2025/11/05 12:0 a.m. | 4 views

HCL DevOps Loop security vulnerability

HCL DevOps Loop is a suite of code development platforms from HCL India. A security vulnerability exists in HCL DevOps Loop that stems from the API authentication middleware not properly validating token expiration times and cryptographic signatures, which could lead to the use of expired or...

CVSS 8.1 | AI score 7.2 | EPSS 0.00025
Exploits 0 | References 1

Positive Technologies
added 2025/10/25 12:0 a.m. | 7 views

PT-2025-43694

Name of the Vulnerable Software and Affected Versions: eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6. Description: The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...

CVSS 5.3 | AI score 6.5 | EPSS 0.00051
Exploits 0 | References 8

PyPA
added 2025/02/25 3:15 p.m. | 7 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10 | AI score 5.8 | EPSS 0.0037
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2025/02/12 12:0 a.m. | 2 views

Q-Free MAXTIME Suite security vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from the use of hard-coded encryption keys in JWT signatures. An attacker could exploit the vulnerabilit...

CVSS 8.8 | AI score 6.6 | EPSS 0.00192
Exploits 0 | References 1

IBM Security Bulletins
added 2024/09/05 6:7 p.m. | 31 views

Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data

Summary: Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...

CVSS 9.1 | AI score 8.1 | EPSS 0.00091
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2024/01/15 5:26 p.m. | 30 views

Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2020-7692 and CVE-2021-22573)

Summary: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caus...

CVSS 9.1 | AI score 8 | EPSS 0.00091
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/06/29 3:5 p.m. | 40 views

Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573)

Summary: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details: CVEID: CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a remote attacker to...

CVSS 8.7 | AI score 7.6 | EPSS 0.00055
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/07/06 4:33 a.m. | 39 views

Security Bulletin: A security vulnerability has been identified in Google OAuth Client shipped with IBM Tivoli Netcool Impact (CVE-2021-22573)

Summary: Google OAuth Client is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Google OAuth Client has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a...

CVSS 8.7 | AI score 0.5 | EPSS 0.00055
Exploits 0 | Affected Software 1

GitHub Security Blog
added 2022/05/17 12:28 a.m. | 16 views

Insufficient Data Verification in io.really:jwt-scala

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token...

CVSS 5.3 | AI score 3.6 | EPSS 0.0023
Exploits 0 | References 4 | Affected Software 1

Japan Vulnerability Notes
added 2017/09/26 6:37 a.m. | 1 views

jwt-scala fails to verify token signatures

Overview: jwt-scala contains a vulnerability where it fails to verify token signatures correctly. jwt-scala is a Scala library to handle JSON Web Token (JWT). jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers. Toshiharu...

CVSS 5.3 | AI score 6.9 | EPSS 0.0023
Exploits 0 | References 5

Japan Vulnerability Notes
added 2015/06/03 6:1 a.m. | 2 views

F21 JWT fails to verify token signatures

Overview: JWT provided by F21 is a PHP library for handling JSON Web Tokens. php-jwt contains a vulnerability where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. and Shuntaro Maeda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVSS 5 | AI score 6.6 | EPSS 0.03246
Exploits 0 | References 5