JWT Archives • Daily CyberSecurity

Whitespace Flaw Re-Opens Critical JWT “Algorithm Confusion” Bypass fast-jwt JWT Algorithm Confusion

Whitespace Flaw Re-Opens Critical JWT “Algorithm Confusion” Bypass

Do Son April 6, 2026

Security researchers have disclosed two major vulnerabilities within fast-jwt, a high-performance library used to implement JSON Web...

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap OpenBao Vulnerability OIDC Session Hijacking

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap

Do Son March 30, 2026

The OpenBao community, the open-source initiative dedicated to managing and distributing sensitive data like secrets and certificates,...

Critical CVE-2025-65015 Vulnerability in joserfc Could Let Attackers Exhaust Server Resources via Oversized JWT Tokens joserfc DoS, JWT Logging Flaw

Critical CVE-2025-65015 Vulnerability in joserfc Could Let Attackers Exhaust Server Resources via Oversized JWT Tokens

Do Son November 20, 2025

A widely used Python library implementing JOSE standards, joserfc, has disclosed a critical uncontrolled resource consumption vulnerability—tracked...

Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret

Do Son October 20, 2025

Moxa, a leading manufacturer of industrial networking and security appliances, has released an urgent security advisory addressing...

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens Formbricks Auth Bypass, CVE-2025-59934

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens

Do Son September 27, 2025

The Formbricks project, an open-source platform for building in-app and website surveys, has released an urgent patch...

CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover WAGO Device Sphere, Critical Vulnerability

WAGO Device Sphere, Critical Vulnerability

CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover

Do Son July 8, 2025

A coordinated disclosure by CERT@VDE and WAGO has unveiled a devastating vulnerability—CVE-2025-41672—impacting WAGO’s industrial automation platform Device...

Horizon3 Details Critical File Upload Vulnerability in Cisco IOS XE WLC (CVE-2025-20188, CVSS 10) Cisco IOS XE vulnerability Remote code execution

Cisco IOS XE vulnerability Remote code execution

Horizon3 Details Critical File Upload Vulnerability in Cisco IOS XE WLC (CVE-2025-20188, CVSS 10)

Do Son May 30, 2025

A critical vulnerability—CVE-2025-20188—has been disclosed in Cisco IOS XE Wireless LAN Controller (WLC) software, allowing unauthenticated attackers...

Critical Alert 2 Active Exploits Detected Today

Whitespace Flaw Re-Opens Critical JWT “Algorithm Confusion” Bypass

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap

Critical CVE-2025-65015 Vulnerability in joserfc Could Let Attackers Exhaust Server Resources via Oversized JWT Tokens

Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens

CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover

Horizon3 Details Critical File Upload Vulnerability in Cisco IOS XE WLC (CVE-2025-20188, CVSS 10)