1. Critical JWT Algorithm 'None' Bypass Exposes Admin Login to Token Forgery
A critical security flaw allows attackers to forge valid authentication tokens and bypass JWT security entirely by exploiting a misconfigured server that accepts the 'none' algorithm. The vulnerability, confirmed with 90% confidence and rated a CVSS 9.8, was discovered on the `/admin/login` endpoint, where the server i...