Home/Alerts/Alert detail/

JWT Scan Rule

Risk:
Medium

Type:
Active

Summary: Scanner for finding vulnerabilities in JWT implementations.

Solution: See reference for further information. The solution depends on implementation details

References: https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html

Latest Security News

⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple's Data Dilemma

Australia Bans Kaspersky Software Over National Security and Espionage Concerns

Google Cloud introduces quantum-safe digital signatures in KMS

Beware: PayPal "New Address" feature abused to send phishing emails

Fake CS2 tournament streams used to steal crypto, Steam accounts

Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack

OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

Common Alerts

LowStrict-Transport-Security Multiple Header Entries (Non-compliant with Spec)

HighSOAP XML Injection

HighServer Side Code Injection - PHP Code Injection

HighXML External Entity Attack

MediumSession ID in URL Rewrite

InformationalInformation Disclosure - Sensitive Information in HTTP Referrer Header

InformationalCORS Header

Medium.htaccess Information Leak

InformationalVerification Request Identified

LowDeprecated Feature Policy Header Set

Top CVE List

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability

CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability

CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability

Top CWE List

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-693 Protection Mechanism Failure

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-1426 Improper Validation of Generative AI Output

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-284 Improper Access Control

CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

CWE-125 Out-of-bounds Read

Free online web security scanner

Don't show website scan report rating on the leaderboard