6 matches found
EUVD-2022-48498
Malicious code in bioql PyPI...
EUVD-2021-29311
Malicious code in bioql PyPI...
The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to the domain controller’s account information.
The vulnerability of the 1C-Bitrix website content management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to the account information of the domain controller...
PT-2024-29336 · Navidrome · Navidrome
Name of the Vulnerable Software and Affected Versions: Navidrome version 0.52.3 Description: The issue concerns the use of an insecure hashing algorithm, specifically MD5, in the Gravatar service of Navidrome. This allows attackers to manipulate a user's account information. Recommendations: For...
Omise: Public and secret api key leaked via omise github repo(owned by omise)
Found secret key of particular omise accounts! Functionality of the public and secret keys are described below: Public key The public key can be used to create tokens via javascript from your customers browsers. This key can be safely exposed to the outside world. Secret key The secret key can be...
RideSmart Android app has an overstepping vulnerability
Ride Free Android AP is a mobile application to keep your vehicle safe. A parallel override access vulnerability exists in the Ride Carefree Android AP account information acquisition interface. This allows an attacker to exploit the vulnerability to cause an arbitrary account to overstep its...