Lucene search

8 matches found

CVE
added 2026/06/05 7:1 p.m., 24 views

CVE-2026-11414

CVE-2026-11414 affects Altium Enterprise Server Vault service. The issue comprises two vulnerabilities: (1) a hard-coded cryptographic key used to sign file download URLs, identical across installations, enabling an unauthenticated network attacker to forge valid signatures and retrieve files fro...

CVSS 10, AI score 5.6, EPSS 0.00478
Exploits 0, References 1, Affected Software 1
Github Security Blog
added 2025/11/14 9:52 p.m., 11 views

AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary: AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details: AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

CVSS 7.3, AI score 7.9, EPSS 0.00281
Exploits 2, References 7, Affected Software 1
Positive Technologies
added 2025/09/30 12:0 a.m., 10 views

PT-2025-39945

Name of the Vulnerable Software and Affected Versions: Copypress Rest API plugin for WordPress versions 1.1 through 1.2. Description: The Copypress Rest API plugin for WordPress is susceptible to Remote Code Execution through the copyreap handle image function. The plugin utilizes a hard-coded JWT...

CVSS 9.8, AI score 8.5, EPSS 0.00566
Exploits 2, References 10
Vulnrichment
added 2025/09/18 8:44 p.m., 3 views

CVE-2025-54807 Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...

CVSS 9.8, AI score 5.8, EPSS 0.0068
Exploits 0, References 3
RedhatCVE
added 2025/06/12 9:20 p.m., 9 views

CVE-2025-35940

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...

CVSS 8.1, AI score 8.1, EPSS 0.00324
Exploits 0, References 1
CVE
added 2025/06/10 8:27 p.m., 74 views

CVE-2025-35940

The CVE-2025-35940 entry concerns ArchiverSpaApi (ASP.NET) that uses a hard-coded JWT signing key. The information across sources indicates an unauthenticated attacker can generate a verifiable JWT token to access protected ArchiverSpaApi endpoints (e.g., /api/v1/login, /users/{id}). The Red Hat ...

CVSS 8.1, AI score 8.1, EPSS 0.00324
Exploits 0, References 1
Cvelist
added 2025/06/10 8:27 p.m., 21 views

CVE-2025-35940 Hard-coded ArchiverSpaApi JWT Signing Key

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...

CVSS 8.1, EPSS 0.00324
Exploits 0, References 1
IBM Security Bulletins
added 2025/04/29 2:7 a.m., 19 views

Security Bulletin: IBM Security Verify Information Queue displays the Grafana signing key when setting up the logs stack (CVE-2021-20412)

Summary: IBM Security Verify Information Queue (ISIQ) offers an optional logs stack to demonstrate logging and monitoring. Among the stack's components is a Grafana dashboard. The initialization file for Grafana contains a hard-coded signing key. As of ISIQ v10.0.0, this signing key has been removed...

CVSS 7.5, AI score 7.6, EPSS 0.00886
Exploits 0, Affected Software 1