CVE-2023-53951

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...

CVE-2023-53951

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...

CVE-2023-53951

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...

EUVD-2025-204596

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...

CVE-2023-53951

CVE-2023-53951 concerns Ever Gauzy v0.281.9, where a weak HMAC secret in the JWT authentication implementation allows forging tokens to authenticate with administrative permissions. The vulnerability is evidenced across multiple sources (including Red Hat, NVD/CNNVD-type records, CIRCL sightings,...

PT-2025-52522

Name of the Vulnerable Software and Affected Versions Ever Gauzy version 0.281.9 Description The software contains a JWT authentication issue due to a weak HMAC secret key implementation. This allows attackers to exploit the exposed JWT token to authenticate and gain unauthorized access,...

EUVD-2025-13365

Malicious code in bioql PyPI...

CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

Use Of Hard-Coded Credentials

@evershop/evershop is vulnerable to the Use Of Hard-Coded Credentials. The vulnerability is due to the exposure of a weak HMAC secret. Attackers can use the predictable secret to create valid JSON Web Tokens JWT, which allows them access to sensitive information...

EverShop at risk to unauthorized access via weak HMAC secret

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...

ever gauzy v0.281.9 - JWT weak HMAC secret Vulnerability

Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret Author: nu11secur1ty Vendor: https://gauzy.co/ Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 Reference: https://portswigger.net/kb/issues/00200903jwt-weak-hmac-secret Description: It was, detected a JWT signed using...

ever gauzy v0.281.9 - JWT weak HMAC secret

Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret Author: nu11secur1ty Date: 04.08.2023 Vendor: https://gauzy.co/ Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 Reference: https://portswigger.net/kb/issues/00200903jwt-weak-hmac-secret Description: It was, detected a...