227 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-18201

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00274
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0829

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.00198
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-19784

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00181
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-21974

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00122
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0256

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.00325
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0168

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00226
Exploits: 0 | References: 4

Veracode
added 2025/06/17 8:49 a.m. | 5 views

Brute Force Attack

vantage6 is vulnerable to Brute Force Attack. The vulnerability is due to insufficient rate limiting due to the ability to make unlimited password change attempts using an authenticated session, allowing attackers to guess passwords...

CVSS 9.8 | AI score 6.3 | EPSS 0.00316
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2025/06/17 8:38 a.m. | 4 views

Use Of Insufficiently Random Values

vantage6 is vulnerable to Use of Insufficiently Random Values. The vulnerability is due to insecure randomness of UUID1 for auto-generating JWT secret keys, which is partially predictable and not cryptographically secure...

CVSS 7.5 | AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/06/14 7:21 p.m. | 6 views

CVE-2025-43866

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

CVSS 7.5 | AI score 6.2 | EPSS 0.00274
Exploits: 0 | References: 1

OSV
added 2025/06/12 11:2 p.m. | 5 views

GHSA-M3MQ-F375-5VGH Vantage6 Server JWT secret not cryptographically secure

Impact: The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. Patches: No. Workarounds: You may define JWT secret key in the server configuration file...

CVSS 6.3 | AI score 7 | EPSS 0.00274
Exploits: 0 | References: 4

GitHub Security Blog
added 2025/06/12 11:2 p.m. | 19 views

Vantage6 Server JWT secret not cryptographically secure

Impact: The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. Patches: No. Workarounds: You may define JWT secret key in the server configuration file...

CVSS 7.5 | AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2025/06/12 11:0 p.m. | 1 view

vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:GHSA-J6G5-P62X-58HW...

CVSS 9.8 | AI score 5.8 | EPSS 0.00316
Exploits: 0

Snyk
added 2025/06/12 6:50 p.m. | 4 views

Insecure Randomness

Overview: vantage6-server is a Vantage6 server. Affected versions of this package are vulnerable to Insecure Randomness via the configureflask function, due to the predictable nature of the auto-generated secret key, an attacker can determine it and forge valid security tokens. This allows them to...

CVSS 7.5 | AI score 7.2 | EPSS 0.00274
Exploits: 0 | References: 2

PyPA
added 2025/06/12 6:15 p.m. | 4 views

PYSEC-2025-220

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVSS 9.8 | AI score 5.8 | EPSS 0.00316
Exploits: 0 | References: 1 | Affected Software: 1

PyPA
added 2025/06/12 6:15 p.m. | 7 views

PYSEC-2025-221

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

CVSS 7.5 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/06/12 6:15 p.m. | 11 views

CVE-2025-43863

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVSS 9.8 | EPSS 0.00316
Exploits: 0 | References: 1

Cvelist
added 2025/06/12 6:4 p.m. | 15 views

CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

CVSS 6.3 | EPSS 0.00274
Exploits: 0 | References: 1

OSV
added 2025/06/12 6:4 p.m. | 3 views

CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

CVSS 6.3 | AI score 6.5 | EPSS 0.00274
Exploits: 0 | References: 3

CVE
added 2025/06/12 6:4 p.m. | 44 views

CVE-2025-43866

Vantage6 Server JWT secret not cryptographically secure: the auto-generated key uses UUID1, which is partially predictable. This exposes potential forgery of security tokens. The issue is fixed in version 4.11.0; upgrading to 4.11.0+ or defining a custom JWT secret in configuration mitigates the ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00274
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/06/12 6:4 p.m. | 5 views

CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

CVSS 6.3 | AI score 6.9 | EPSS 0.00274
Exploits: 0 | References: 1