Lucene search
K

233 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/05 1:45 a.m.8 views

CVE-2026-14691

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-53017

Name of the Vulnerable Software and Affected Versions turso-cli affected versions not specified Description the turso-cli tool stores the user's platform JSON Web Token JWT in a settings.json file using default file permissions of 0o644. This configuration makes the credential file world-readable...

5.5CVSS6AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-6610

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

6.3CVSS4.9AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-6611

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRETKEY results in use of hard-coded cryptographic key . Remote exploitation o...

3.1CVSS4.5AI score0.00248EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 10:25 a.m.13 views

Malicious code in finkrouter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75cee0798d304ff9f0532df845511df6560314b8808664c15b3c3aa18f1953b5 The package's CLI shipped as cli.obf.js, the javascript-obfuscator output with RC4 string-array encoding and control-flow flattening per package.json...

5.9AI score
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.20 views

CVE-2026-48244

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google...

6.9CVSS0.00224EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:11 p.m.9 views

CVE-2026-48244

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google...

6.9CVSS5.8AI score0.00224EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/21 5:11 p.m.40 views

CVE-2026-48244 Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in settings.inc.php

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google...

6.9CVSS0.00224EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 5:11 p.m.11 views

CVE-2026-48244 Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in settings.inc.php

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google...

6.9CVSS5.8AI score0.00224EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:11 p.m.14 views

EUVD-2026-31323

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google...

6.9CVSS5.8AI score0.00224EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the hardcoding of a Google Maps API key in the settings.inc.php file. This...

6.9CVSS5.9AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 12:0 a.m.11 views

MAL-2026-3648 Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 8:52 p.m.11 views

CVE-2026-40068

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/20 6:31 a.m.6 views

EUVD-2026-23783

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

6.3CVSS5.1AI score0.00274EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/20 6:0 a.m.3 views

CVE-2026-6611 liangliangyy DjangoBlog File Upload Endpoint settings.py hard-coded key

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRETKEY results in use of hard-coded cryptographic key . Remote exploitation o...

3.1CVSS5AI score0.00248EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 6:0 a.m.15 views

CVE-2026-6611

CVE-2026-6611 affects liangliangyy DjangoBlog up to 2.1.0.0. The issue resides in the File Upload Endpoint’s settings.py where manipulating the SECRET_KEY results in the use of a hard-coded cryptographic key. Remote exploitation is possible; the attack has high complexity and is labeled as exploi...

3.1CVSS5AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 6:0 a.m.31 views

CVE-2026-6611 liangliangyy DjangoBlog File Upload Endpoint settings.py hard-coded key

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRETKEY results in use of hard-coded cryptographic key . Remote exploitation o...

3.1CVSS0.00248EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 6:0 a.m.3 views

CVE-2026-6611

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRETKEY results in use of hard-coded cryptographic key . Remote exploitation o...

3.1CVSS5AI score0.00248EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/20 5:45 a.m.3 views

CVE-2026-6610 liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

6.3CVSS5.1AI score0.00274EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 5:45 a.m.34 views

CVE-2026-6610 liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

6.3CVSS0.00274EPSS
Exploits0References4
Rows per page
Query Builder