
33 matches found

EUVD
added 2026/05/20 1:25 a.m., 7 views

EUVD-2026-31026

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...

CVSS 8.8, AI score 5.8, EPSS 0.00045
Exploits 0, References 4
NVD
added 2026/05/17 1:16 p.m., 16 views

CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS 9.8, EPSS 0.00199
Exploits 1, References 4
EUVD
added 2026/05/17 12:11 p.m., 9 views

EUVD-2018-21853

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS 9.8, AI score 6.6, EPSS 0.00199
Exploits 1, References 4
ATTACKERKB
added 2026/05/17 12:11 p.m., 7 views

CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS 9.8, AI score 6.6, EPSS 0.00199
Exploits 1, References 4, Affected Software 1
Cvelist
added 2026/05/17 12:11 p.m., 37 views

CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS 9.8, EPSS 0.00199
Exploits 1, References 4
Positive Technologies
added 2026/05/07 12:00 a.m., 7 views

PT-2026-38622

Name of the Vulnerable Software and Affected Versions: note-mark, affected versions not specified. Description: The application does not enforce a minimum length or entropy for the JWT SECRET configuration value, accepting any base64-decodable secret regardless of size. In backend/config/utils.go, th...

CVSS 10, AI score 5.8, EPSS 0.00009
Exploits 0, References 8
GithubExploit
added 2026/04/14 6:44 a.m., 172 views

jwt-attack-suite

JWT Attack Suite: Offensive JWT testing toolkit for penetrat...

CVSS 9.8, AI score 5.9, EPSS 0.84691
Exploits 9
EUVD
added 2026/04/07 9:31 a.m., 1 view

EUVD-2026-19574

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

CVSS 9.8, AI score 7.2, EPSS 0.00027
Exploits 1, References 3
OSV
added 2026/04/07 7:16 a.m., 10 views

PYSEC-2026-170

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

CVSS 9.8, AI score 5.8, EPSS 0.00027
Exploits 1, References 2
CVE
added 2026/04/07 6:19 a.m., 9 views

CVE-2026-1114

CVE-2026-1114 affects parisneo/lollms 2.1.0. The issue is an improper access control flaw caused by signing JWTs with a weak secret key, enabling an offline brute‑force to recover the key. With the cracked secret, an attacker can forge administrative tokens, modify the JWT payload, and resigns to...

CVSS 9.8, AI score 7.2, EPSS 0.00027
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-30796

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 2.2.0. Description: Session management is subject to improper access control because a weak secret key is used for signing JSON Web Tokens (JWT). This allows an attacker to conduct an offline brute-force attack to...

CVSS 9.8, AI score 8.6, EPSS 0.00027
Exploits 1, References 6
Positive Technologies
added 2026/03/31 12:00 a.m., 3 views

PT-2026-29420

Name of the Vulnerable Software and Affected Versions: Cloudreve versions prior to 4.13.0. Description: Cloudreve is a self-hosted file management and sharing system. Versions prior to 4.13.0 use a weak pseudo-random number generator (math/rand seeded with time) to generate critical security secrets,...

CVSS 8.1, AI score 6, EPSS 0.00023
Exploits 0, References 6
Snyk
added 2026/02/28 12:14 a.m., 4 views

Use of Hard-coded Credentials

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the login/huggingface route, which retrieves the server's Hugging Face access token using the huggingfacehub.gettok...

CVSS 8.2, AI score 5.9, EPSS 0.00029
Exploits 1, References 2
Huntr
added 2026/01/07 6:18 a.m., 5 views

Improper Access Control via Weak JWT Token Leads to Admin Takeover and Privilege Escalation

Description: The application's session management is vulnerable to Authorization Bypass and Vertical Privilege Escalation. During dynamic analysis of the application's authentication flow, I discovered that the JSON Web Tokens (JWT) are signed with a weak secret key. This allowed me to perform an...

CVSS 9.8, AI score 5.9, EPSS 0.00027
Exploits 1
Cvelist
added 2025/12/19 9:05 p.m., 25 views

CVE-2023-53951 Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...

CVSS 9.8, EPSS 0.00059
Exploits 0, References 3
Vulnrichment
added 2025/12/19 9:05 p.m., 2 views

CVE-2023-53951 Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...

CVSS 9.8, AI score 6.8, EPSS 0.00059
Exploits 0, References 3
RedhatCVE
added 2025/12/09 6:29 p.m., 1 view

CVE-2025-14261

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

CVSS 7.1, AI score 7, EPSS 0.00058
Exploits 0, References 1
OSV
added 2025/11/26 9:31 a.m., 3 views

GHSA-W88F-4875-99C8 Apache Druid’s Kerberos authenticator uses a weak fallback secret

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a cryptographically secure random number generator...

CVSS 9.8, AI score 7, EPSS 0.00067
Exploits 0, References 5
CVE
added 2025/05/17 6:36 p.m., 69 views

CVE-2025-47945

Donetick is an open‑source task/chores app. Before v0.1.44, it uses JWT authentication with a weak default signing secret, enabling potential full account takeover of any user. The live version confirms the issue. A patch is available in v0.1.44; recommended mitigation is upgrading to 0.1.44 or l...

CVSS 9.8, AI score 9.2, EPSS 0.00349
Exploits 1, References 3, Affected Software 1
Tenable Nessus
added 2024/09/24 12:00 a.m., 11 views

Django Weak Secret Key

Django applications use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in the settings.py file and is used for multiple security-critical operations. When a weak or easily guessable application key is...

AI score 7.8
Exploits 0, References 2