Lucene search
K

7590 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 1:43 p.m.3 views

CVE-2026-12628

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager FCM authentication mechanism. The application contains a...

8.1CVSS6AI score0.00357EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/22 1:43 p.m.4 views

CVE-2026-12628 Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager FCM authentication mechanism. The application contains a...

9.1CVSS6AI score0.00357EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:43 p.m.24 views

CVE-2026-12628

CVE-2026-12628 affects IBM Storage Protect Client (8.1.0.0–8.2.1.0) and IBM Storage Protect Snapshot for Windows (8.1.0.0–8.2.1.0). The IBM security bulletin confirms a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism and multiple authentication code paths, enabling re...

9.1CVSS6AI score0.00357EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51331

Name of the Vulnerable Software and Affected Versions IBM Storage Protect Client versions 8.1.0.0 through 8.2.1.0 IBM Storage Protect Snapshot For Windows versions 8.1.0.0 through 8.2.1.0 Description An authentication bypass exists in the FlashCopy Manager FCM authentication mechanism. The...

9.1CVSS5.8AI score0.00357EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 2:16 p.m.8 views

CVE-2026-56265

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

9.8CVSS0.00407EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 2:16 p.m.5 views

PYSEC-2026-239

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

9.3CVSS5.8AI score0.00417EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.5 views

CVE-2026-56265

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

9.8CVSS5.9AI score0.00407EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.32 views

CVE-2026-56265 Crawl4AI - Authentication Bypass via Hardcoded JWT Signing Key

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

9.8CVSS0.00407EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:26 p.m.28 views

CVE-2026-56265

CVE-2026-56265 affects Crawl4AI prior to 0.8.7 due to a hardcoded default JWT signing key in the Docker API server. The root cause is token forgery: an attacker who knows the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protec...

9.8CVSS5.9AI score0.00407EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/21 1:26 p.m.8 views

EUVD-2026-38170

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

9.8CVSS5.9AI score0.00407EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:12 p.m.7 views

Malicious code in @briskforge/envcheck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09dba573f5d6cb00b09562870f2148b3e539786f5d801f2a263338301d759313 The package advertises itself as a tiny environment-variable validator but ships lib/preflight.js, a heavily obfuscated obfuscator.io string-array...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/19 3:0 p.m.10 views

MAL-2026-6218 Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

5.9AI score
Exploits0References2
CVE
CVE
added 2026/06/18 10:12 p.m.23 views

CVE-2026-56075

PrasionAI before 4.5.128 contains an arbitrary shell command execution vulnerability in which UI modules hardcode approval_mode to auto, overriding the PRAISON_APPROVAL_MODE environment variable. This allows authenticated attackers to instruct the LLM agent to run arbitrary commands via subproces...

8.8CVSS6AI score0.00476EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.21 views

CVE-2026-56075 PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS0.00476EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 9:19 p.m.20 views

CVE-2026-8668 Hardcoded credentials in embedded content

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 9:19 p.m.19 views

CVE-2026-8668

CVE-2026-8668 concerns Chef 360 prior to v1.7.0, where a static credential embedded in the product allowed unauthenticated access to internal message queues containing tenant-specific identifiers. The underlying issue is a hardcoded credential that enables access without authentication; later ver...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 8:16 p.m.9 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

5.3CVSS0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 6:37 p.m.20 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

5.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 6:37 p.m.91 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential in the Galera replication health-check user. The environment variables MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD default to monitor and monitor , granting the user REPLICATION CLI...

5.3CVSS5.3AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 1:25 p.m.17 views

CVE-2025-10560

Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials...

9.3CVSS0.00388EPSS
Exploits1References3
Rows per page
Query Builder