192 matches found
CVE-2025-66454 Arcade MCP Default Hardcoded Worker Secret Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can...
CVE-2025-66454
The CVE-2025-66454 issue in arcade-mcp-server/arcade-mcp is a hardcoded default worker secret ("dev") used by the HTTP server. Prior to version 1.5.4, this secret is never validated/rotated during startup, enabling unauthenticated attackers who know the key to forge valid JWTs and bypass FastAPI ...
EUVD-2025-200280
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints...
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Summary The arcade-mcp HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This...
CVE-2025-64766
The CVE describes a hard-coded secret in the NixOS module for OnlyOffice document server affecting OnlyOffice 22.11–25.05 (and pre-Unstable 25.11). A knowledge of an existing revision ID could allow an attacker to access documents protected by this secret, exposing known documents of users with e...
CVE-2025-64766 NixOS has hardcoded credentials in Onlyoffice module
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...
CVE-2025-64766 NixOS has hardcoded credentials in Onlyoffice module
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...
News Portal Hardcoding Vulnerability
News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...
EUVD-2025-34618
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56749
The CVE-2025-56749 issue affects Creativeitem Academy LMS up to version 6.14, where a hardcoded default JWT secret allows forging valid tokens, enabling authentication bypass and unauthorized access to user accounts. Multiple connected sources corroborate the vulnerability across NVD, Red Hat, EN...
EUVD-2018-5755
Malware in sbrugna...
EUVD-2017-16550
Malware in sbrugna...
EUVD-2024-54777
Malicious code in bioql PyPI...
EUVD-2025-14597
Malicious code in bioql PyPI...
EUVD-2025-23514
Malicious code in bioql PyPI...
EUVD-2022-0108
Malicious code in bioql PyPI...
EUVD-2025-12378
Malicious code in bioql PyPI...