gian2dchris - Security Researcher - Exploit Intelligence Platform

CVE-2024-40441 WRITEUP MEDIUM WRITEUP

Doccano <v1.8.4, v0.1.23 - Privilege Escalation

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.

CVSS 6.6

View Code

CVE-2024-40442 WRITEUP HIGH WRITEUP

Doccano <1.8.4, <0.1.23 - Privilege Escalation

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request.

CVSS 7.2

View Code

CVE-2025-65730 WRITEUP HIGH WORKING POC

GoAway <0.62.18 - Auth Bypass

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.

CVSS 8.8

View Code