Lucene search
K

72 matches found

Vulnrichment
Vulnrichment
added 2026/03/09 8:32 p.m.6 views

CVE-2025-15603

...

4.9AI score0.00289EPSS
Exploits0
CVE
CVE
added 2026/02/16 1:32 a.m.15 views

CVE-2026-2527

CVE-2026-2527 affects Wavlink WL-WN579A3 devices (firmware up to 20210219). The vulnerability resides in /cgi-bin/login.cgi, where manipulating the key argument enables remote command execution (command injection). Public exploit details exist, and exploitation can be remote without user interact...

9.8CVSS6.3AI score0.0674EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 4:32 a.m.7 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

6.3CVSS4.6AI score0.00268EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/09 4:32 a.m.14 views

CVE-2026-2215

CVE-2026-2215 affects rachelos WeRSS we-mp-rss up to 1.4.8. The issue concerns improper handling in the JWT Handler’s core/auth.py where manipulating the SECRET_KEY can cause the system to fall back to a default cryptographic key. This enables remote exploitation under high complexity with a netw...

6.3CVSS4.7AI score0.00268EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.13 views

CVE-2025-15105

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

6.3CVSS6.3AI score0.00458EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/27 4:32 p.m.4 views

EUVD-2025-205477

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...

6.3CVSS6AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/27 9:30 a.m.13 views

EUVD-2025-205469

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

6.3CVSS5.9AI score0.00458EPSS
Exploits1References5
CVE
CVE
added 2025/12/27 9:2 a.m.16 views

CVE-2025-15105

CVE-2025-15105 affects getmaxun maxun up to version 0.0.28. The vulnerability is in the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts, where manipulation of the argument api_key results in the use of a hard-coded cryptographic key. This enables remote exploitation and is described a...

6.3CVSS4.6AI score0.00458EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/12/22 12:32 a.m.3 views

CVE-2025-15005

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

6.3CVSS4.5AI score0.00397EPSS
Exploits1References5
Snyk
Snyk
added 2025/12/17 8:38 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Amazon.Extensions.S3.Encryption is an easy-to-use Amazon S3 encryption client that allows you to secure your sensitive data before you send it to Amazon S3. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic k...

6CVSS6.6AI score0.00094EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/09 5:42 p.m.5 views

EUVD-2025-200266

Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments...

6.3CVSS5.7AI score0.00262EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/12/04 8:12 p.m.4 views

CVE-2025-13948

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

6.3CVSS6.8AI score0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/03 2:32 p.m.3 views

CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

6.3CVSS6.6AI score0.00262EPSS
Exploits0References4
CVE
CVE
added 2025/12/03 2:32 p.m.14 views

CVE-2025-13948

The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...

6.3CVSS6.6AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48812

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

6.3CVSS6.8AI score0.00262EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/02 6:30 p.m.5 views

Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...

6.3CVSS6.4AI score0.00262EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2025/12/02 4:2 p.m.8 views

CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key . T...

6.3CVSS0.00262EPSS
Exploits0References4
NVD
NVD
added 2025/11/03 4:15 a.m.4 views

CVE-2025-12615

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack...

8.1CVSS0.00379EPSS
Exploits1References5
OSV
OSV
added 2025/11/03 4:15 a.m.4 views

CVE-2025-12615

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack...

8.1CVSS5.3AI score0.00379EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-9127

Malware in sbrugna...

9.8CVSS9.5AI score0.01987EPSS
Exploits0References3
Rows per page
Query Builder