Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

23 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-41195

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0024EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-41193

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02116EPSS
Exploits0References1
NVD
NVDadded 2023/07/10 2:15 a.m.16 views

CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

9.1CVSS9.5AI score0.00142EPSS
Exploits0References1
OSV
OSVadded 2023/07/10 2:15 a.m.1 views

CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

9.1CVSS5.9AI score
Exploits0References1
NVD
NVDadded 2023/07/10 2:15 a.m.10 views

CVE-2023-37288

SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

7.5CVSS6.8AI score0.0024EPSS
Exploits0References1
NVD
NVDadded 2023/07/10 2:15 a.m.7 views

CVE-2023-37286

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

9.8CVSS9.8AI score0.02116EPSS
Exploits0References1
OSV
OSVadded 2023/07/10 2:15 a.m.1 views

CVE-2023-37288

SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

7.5CVSS5.9AI score
Exploits0References1
Prion
Prionadded 2023/07/10 2:15 a.m.14 views

Hardcoded credentials

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

6.4CVSS9.3AI score0.00142EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2023/07/10 2:15 a.m.17 views

Path traversal

SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

5CVSS7.7AI score0.0024EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2023/07/10 2:15 a.m.11 views

Design/Logic Flaw

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

7.5CVSS9.7AI score0.02116EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2023/07/10 1:2 a.m.0 views

CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

9.1CVSS7.5AI score0.00142EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2023/07/10 12:0 a.m.21 views

CVE-2023-37286 SmartBPM.NET - Use of Hard-Coded Credentials - 1

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

9.8CVSS10AI score0.02116EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/07/10 12:0 a.m.11 views

CVE-2023-37288 SmartBPM.NET - Path Traversal

SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

6.5CVSS7.8AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/07/10 12:0 a.m.14 views

CVE-2023-37287 SmartBPM.NET - Use of Hard-Coded Credentials - 2

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

9.1CVSS7.5AI score0.00142EPSS
Exploits0References1
CVE
CVEadded 2023/07/10 12:0 a.m.48 views

CVE-2023-37286

SmartSoft SmartBPM.NET is affected by a vulnerability due to a hard-coded machine key. An unauthenticated remote attacker could use the machine key to send a serialized payload to the server, potentially achieving arbitrary code execution and disrupting service. CVSS 3.1 base score 9.8 (CRITICAL)...

9.8CVSS9.9AI score0.02116EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2023/07/10 12:0 a.m.11 views

CVE-2023-37288 SmartBPM.NET - Path Traversal

SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

6.5CVSS7.2AI score0.0024EPSS
Exploits0References1
CVE
CVEadded 2023/07/10 12:0 a.m.40 views

CVE-2023-37287

SmartBPM.NET (SmartBPM.NET) is affected by CVE-2023-37287 due to the use of a hard-coded authentication key. The vulnerability allows an unauthenticated remote attacker to access the system with regular user privileges, enabling reading of application data and execution of submission and approval...

9.1CVSS9.5AI score0.00142EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2023/07/10 12:0 a.m.11 views

CVE-2023-37287 SmartBPM.NET - Use of Hard-Coded Credentials - 2

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

9.1CVSS9.6AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2023/07/10 12:0 a.m.3 views

PT-2023-25883 · Smartisoft · Smartbpm.Net

Name of the Vulnerable Software and Affected Versions: SmartSoft SmartBPM.NET affected versions not specified Description: The issue is related to the use of a hard-coded machine key in SmartSoft SmartBPM.NET. This allows an unauthenticated remote attacker to send a serialized payload to the...

9.8CVSS9.4AI score0.02116EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2023/07/10 12:0 a.m.5 views

PT-2023-25884

Name of the Vulnerable Software and Affected Versions SmartBPM.NET affected versions not specified Description The issue is related to the use of a hard-coded authentication key. An unauthenticated remote attacker can exploit this to access the system with regular user privilege, allowing them to...

9.1CVSS7.5AI score0.00142EPSS
Exploits0References6
Rows per page
Query Builder