11 matches found

OSV
added 2026/03/10 6:28 p.m. | 1 views

GO-2026-4573 ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel

ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00142
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 8:26 a.m. | 20 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00607
Exploits: 1 | References: 1

NVD
added 2024/09/25 1:15 a.m. | 13 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

CVSS: 9.8 | EPSS: 0.00607
Exploits: 1 | References: 2

Cvelist
added 2024/09/24 12:0 a.m. | 12 views

CVE-2024-46607

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file...

EPSS: 0.00557
Exploits: 1 | References: 3

Cvelist
added 2024/09/24 12:0 a.m. | 11 views

CVE-2024-46609

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords...

EPSS: 0.00658
Exploits: 1 | References: 2

Vulnrichment
added 2024/09/24 12:0 a.m. | 12 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

AI score: 7.5 | EPSS: 0.00607
Exploits: 1 | References: 2

CVE
added 2024/09/24 12:0 a.m. | 83 views

CVE-2024-46612

IceCMS v3.4.7 and earlier versions contain a hardcoded JWT key, enabling an attacker to forge JWT authentication information. Affected component is the authentication/key handling within IceCMS. Impact is authenticated access forgery with high severity as described in cited sources; exploitation ...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00607
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2024/09/24 12:0 a.m. | 14 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

EPSS: 0.00607
Exploits: 1 | References: 2

Cvelist
added 2024/09/24 12:0 a.m. | 10 views

CVE-2024-46610

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...

EPSS: 0.00436
Exploits: 1 | References: 2

Prion
added 2023/08/10 8:15 p.m. | 14 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates...

CVSS: 4.9 | AI score: 5.2 | EPSS: 0.00593
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2010/07/08 12:0 a.m. | 28 views

Fedora 13 : bugzilla-3.4.7-2.fc13 (2010-10669)

The Bugzilla team has released v3.4.7 of their software, which fixes a remote information disclosure bug: users can search on time-tracking values even if they are not permitted to see them. See CVE-2010-1204 for all the gory details. Note that Tenable Network Security has extracted the preceding...

CVSS: 5 | AI score: 5.4 | EPSS: 0.01521
Exploits: 1 | References: 3