Lucene search
K

3827 matches found

Vulnrichment
Vulnrichment
added 2026/04/20 5:45 a.m.3 views

CVE-2026-6610 liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

6.3CVSS5.1AI score0.00274EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 5:45 a.m.13 views

CVE-2026-6610

The vulnerability CVE-2026-6610 affects the DjangoBlog project by liangliangyy, up to version 2.1.0.0. The issue resides in the Setting Handler, specifically in an unknown function within djangoblog/settings.py, where manipulation of USER/PASSWORD arguments leads to hard-coded credentials. Exploi...

6.3CVSS5.1AI score0.00274EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/20 12:30 a.m.7 views

EUVD-2026-23710

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS5.2AI score0.00323EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33716

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

6.3CVSS5.1AI score0.00274EPSS
Exploits0References5
NVD
NVD
added 2026/04/19 10:16 p.m.7 views

CVE-2026-6578

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS0.00323EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/19 9:15 p.m.3 views

CVE-2026-6578

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS5.2AI score0.00323EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/19 9:15 p.m.9 views

CVE-2026-6578 liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS5.2AI score0.00323EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 9:15 p.m.33 views

CVE-2026-6578 liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS0.00323EPSS
Exploits0References4
CVE
CVE
added 2026/04/19 9:15 p.m.10 views

CVE-2026-6578

Summary: CVE-2026-6578 affects the DjangoBlog app by liangliangyy up to version 2.1.0.0. The issue is located in djangoblog/settings.py (Setting Handler) where manipulating the SECRET_KEY leads to hard-coded credentials. It is possible to launch an attack remotely with high complexity, and the ex...

6.3CVSS5.5AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/19 3:30 p.m.9 views

EUVD-2026-23705

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

7.5CVSS6.5AI score0.00284EPSS
Exploits0References5
NVD
NVD
added 2026/04/19 2:16 p.m.12 views

CVE-2026-6574

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

7.5CVSS0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/19 1:30 p.m.7 views

CVE-2026-6574 osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

7.5CVSS6.5AI score0.00284EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/19 1:30 p.m.3 views

CVE-2026-6574

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

7.5CVSS5.2AI score0.00284EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/19 1:30 p.m.25 views

CVE-2026-6574

CVE-2026-6574 affects osuuu LightPicture

7.5CVSS6.5AI score0.00284EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 1:30 p.m.37 views

CVE-2026-6574 osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

7.5CVSS0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.7 views

PT-2026-33648

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET KEY results in hard-coded credentials. The attack can be launched remotely. T...

6.3CVSS5.5AI score0.00323EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.14 views

PT-2026-33632

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

7.5CVSS6.5AI score0.00284EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/19 12:0 a.m.11 views

LightPicture 安全漏洞

LightPicture is a corporate/team/personal image resource management system and photo hosting system developed by osuuu. Versions of LightPicture 1.2.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded credentials for parameters key in files...

7.5CVSS7.2AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:22 p.m.9 views

Use of Hard-coded Credentials

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the weak default TOKENHASHSECRET. An attacker can access sensitive internal identifiers by decrypting the meta field in JWT tokens when the default secret is used,...

5.6CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:22 p.m.5 views

Use of Hard-coded Credentials

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Hard-coded Credentials due to the use of a weak default value for the secret parameter in session management when the EXPRESSSESSIONSECRET environment variable is not set. An attacker can impersonate...

6.8CVSS5.5AI score
Exploits0References2
Rows per page
Query Builder