Lucene search
K

15 matches found

EUVD
EUVD
added 2026/04/20 9:30 a.m.3 views

EUVD-2026-23787

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRETKEY results in use of hard-coded cryptographic key . Remote exploitation o...

3.1CVSS4.9AI score0.00248EPSS
Exploits0References5
NVD
NVD
added 2026/04/19 10:16 p.m.7 views

CVE-2026-6578

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

6.3CVSS0.00323EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:46 p.m.3 views

CVE-2026-4588

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

6.3CVSS5AI score0.00268EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/09 9:31 p.m.4 views

EUVD-2025-208453

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

6.3CVSS5.3AI score0.00289EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/09 8:32 p.m.6 views

CVE-2025-15603

...

4.9AI score0.00289EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/09 4:32 a.m.7 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

6.3CVSS4.6AI score0.00268EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/09 4:32 a.m.14 views

CVE-2026-2215

CVE-2026-2215 affects rachelos WeRSS we-mp-rss up to 1.4.8. The issue concerns improper handling in the JWT Handler’s core/auth.py where manipulating the SECRET_KEY can cause the system to fall back to a default cryptographic key. This enables remote exploitation under high complexity with a netw...

6.3CVSS4.7AI score0.00268EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/04 8:12 p.m.4 views

CVE-2025-13948

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

6.3CVSS6.8AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/03 2:32 p.m.3 views

CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

6.3CVSS6.6AI score0.00252EPSS
Exploits0References4
CVE
CVE
added 2025/12/03 2:32 p.m.13 views

CVE-2025-13948

The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...

6.3CVSS6.6AI score0.00252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48812

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

6.3CVSS6.8AI score0.00252EPSS
Exploits0References5
NVD
NVD
added 2025/11/03 4:15 a.m.3 views

CVE-2025-12615

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack...

8.1CVSS0.00335EPSS
Exploits1References5
OSV
OSV
added 2025/11/03 4:15 a.m.2 views

CVE-2025-12615

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack...

8.1CVSS5.3AI score0.00335EPSS
Exploits1References5
OSV
OSV
added 2025/08/29 2:15 a.m.5 views

CVE-2025-9604

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

6.3CVSS5.4AI score0.00223EPSS
Exploits0References6
NVD
NVD
added 2023/02/26 8:15 a.m.11 views

CVE-2019-25105

A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. Thi...

6.1CVSS4.4AI score0.00483EPSS
Exploits0References3
Rows per page
Query Builder