36 matches found
CVE-2026-1114
In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...
OESA-2026-2483 hplip security update
The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security Fixes: A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the us...
LoLLMs Security Vulnerability
LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Version 2.1.0 of LoLLMs contains a security vulnerability. This vulnerability arises from the use of weak keys for signing JSON Web Tokens, leading to improper access control. This could allow attackers to...
EUVD-2025-28137
Malicious code in bioql PyPI...
EUVD-2021-30377
Malicious code in bioql PyPI...
Imperva API Security: Authentication Risk Report—Key Findings & Fixes
An in-depth analysis of common JSON Web Token (JWT) mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs. Introduction: APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That scale and utility also make them pri...
UBUNTU-CVE-2025-43023
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA)...
HP Linux Imaging and Printing Software Security Vulnerability
HP Linux Imaging and Printing Software is an installation, usage and management software package from Hewlett-Packard (HP) USA that supports HP printers and scanners. A security vulnerability exists in HP Linux Imaging and Printing Software that originates from the use of a weak DSA signing key...
CVE-2025-47945
Donetick is an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate...
Donetick Security Vulnerability
Donetick is an open source, user-friendly application from Donetick Open Source for managing tasks and chores. A security vulnerability exists in Donetick versions prior to 0.1.44, which stems from a weak JWT signing key default that could lead to account takeover...
Xpand IT Write-Back Manager Security Vulnerability
Xpand IT Write-Back Manager is an extension for Xpand IT that allows users to enter data directly from Tableau dashboards into the database. A security vulnerability exists in Xpand IT Write-Back Manager version v2.3.1, which stems from the use of a weak key for signing JWT tokens, where an...
CVE-2023-40727
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses a weak, outdated application signing mechanism. This could allow an attacker to tamper with the application code...
PT-2023-5184 · Unknown · Qms Automotive
Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: A vulnerability has been identified in the QMS.Mobile module of QMS Automotive, which uses a weak and outdated application signing mechanism. This could allow an attacker to tamper with the...
PT-2022-11839
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue is related to Incorrect Access Control, where signed document download URLs can be forged due to a weak default URL signing key. This allows for potential exploitation, including...
PT-2022-9033 · Hcl +1 · Hcl Verse For Android +1
Name of the Vulnerable Software and Affected Versions: Application affected versions not specified Description: The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm...