Lucene search
K

15 matches found

EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42879

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS6.1AI score0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 6:27 p.m.25 views

CVE-2026-56346

CVE-2026-56346 affects AVideo up to version 25.0, with an authentication bypass in the decryptMessage.json.php endpoint that lets unauthenticated users decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to trigger server-side decryption without credentials...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/30 5:37 a.m.274 views

RestroPress-WordPress-Plugin-Sensitive-API-Key-amp-Token-Exposure-Vulnerability-Exploitation

📌 Overview CVE-2025-9209 is a critical information disclo...

9.8CVSS7.2AI score0.02196EPSS
Exploits6
Snyk
Snyk
added 2026/03/11 12:37 a.m.4 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.13 views

PT-2025-52229

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

2.3CVSS6.8AI score0.00182EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:17 p.m.5 views

CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

3.3CVSS0.00093EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 10:44 a.m.15 views

CVE-2025-40818

The CVE identifies a vulnerability in SINEMA Remote Connect Server (all versions

3.3CVSS6.4AI score0.00093EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 10:44 a.m.4 views

CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

3.3CVSS6.4AI score0.00093EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/08/10 1:39 a.m.3 views

SUSE CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...

7.8CVSS6.6AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.11 views

Fortinet FortiOS和FortiAuthenticator 安全漏洞

Fortinet FortiOS and Fortinet FortiAuthenticator are both products of Fortinet, Inc. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web...

5.3CVSS4.8AI score0.0029EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/23 12:0 a.m.7 views

PT-2023-20328 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 3.13.1 Description: Gradio is an open-source Python library to build machine learning and data science demos and web applications. When using Gradio's share links by setting share=True, a private SSH key is sent to an...

9.8CVSS9.3AI score0.00553EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.10 views

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS5.9AI score0.00724EPSS
Exploits0References2
OSV
OSV
added 2021/05/07 11:15 a.m.4 views

CVE-2020-36124

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...

6.5CVSS5.8AI score0.01258EPSS
Exploits1References3
OSV
OSV
added 2020/10/14 7:15 p.m.4 views

CVE-2020-3483

Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...

6.3CVSS6.6AI score0.00146EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/06/11 9:3 a.m.4 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
Rows per page
Query Builder