Clawvet API Hard-Coded JWT Secret Exposes User Data
A critical vulnerability in the Clawvet self-hosted API server allows unauthenticated attackers to forge session cookies and hijack user accounts.
2 results for “api-security”
A critical vulnerability in the Clawvet self-hosted API server allows unauthenticated attackers to forge session cookies and hijack user accounts.
Threat actors are weaponizing years-old accounts to map organizational structures and probe sensitive repositories via the GitHub API.