Lucene search
K

39 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/07 8:56 p.m.6 views

CVE-2026-46700

Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any...

4.3CVSS6AI score0.00342EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51448

Name of the Vulnerable Software and Affected Versions @actual-app/sync-server versions prior to 26.6.0 Description An authorization asymmetry exists in the @actual-app/sync-server component of Actual. In OpenID multi-user deployments, the GET /secret/:name endpoint only verifies that a user has a...

4.3CVSS5.9AI score0.00342EPSS
Exploits0References7
NVD
NVD
added 2026/03/16 2:20 p.m.5 views

CVE-2026-4217

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...

2.5CVSS0.00097EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.13 views

XREAL Nebula App 安全漏洞

The XREAL Nebula App is an application designed for XREAL’s augmented reality devices. Versions of the XREAL Nebula App 3.2.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of parameters such as accessKey, secretAccessKey, and securityToken in...

2.5CVSS5.8AI score0.00097EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 4:45 p.m.5 views

CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20472

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0 Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions prior to 9.4.7 Splunk Enterprise versions prior to 9.3.9 Splunk Enterprise versions prior to 9.2.11 Description A user with access...

6.8CVSS5.3AI score0.0031EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-15660

Malware in sbrugna...

9.9CVSS9.3AI score0.01802EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-31331

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00898EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22817

Malicious code in bioql PyPI...

9.8CVSS4.9AI score0.0057EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-27880

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.01096EPSS
Exploits0References1
OSV
OSV
added 2025/07/27 9:15 a.m.4 views

CVE-2025-8226

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The...

9.8CVSS4.8AI score0.0057EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:33 a.m.9 views

CVE-2023-27589

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

6.5CVSS6.7AI score0.00898EPSS
Exploits1References1
Veracode
Veracode
added 2024/01/05 2:34 p.m.23 views

Insufficient Randomness

github.com/cubefs/cubefs is vulnerable to use of insufficient random strings. The vulnerability due to creation of the accessKey which is insufficiently random. This allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges...

9.8CVSS7AI score0.00439EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/03 4:20 p.m.2 views

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

6.5CVSS7.7AI score0.00439EPSS
Exploits0References2
OSV
OSV
added 2024/01/03 4:20 p.m.49 views

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

6.5CVSS8.9AI score0.00439EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/03 4:20 p.m.42 views

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

6.5CVSS9.4AI score0.00439EPSS
Exploits0References2
CVE
CVE
added 2023/09/22 12:0 a.m.46 views

CVE-2023-43784

CVE-2023-43784 affects Plesk Onyx 17.8.11 where accessKeyId and secretAccessKey fields are tied to an Amazon AWS Firehose component. Red Hat and other sources confirm the issue; the vendor's position is that there is no security threat. Exploitation information is not provided in the connected do...

7.5CVSS7.5AI score0.00473EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2023/03/15 1:47 a.m.37 views

Privilege Escalation

github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability exists in the AddUser and ImportIAM functions of admin-handlers-users.go because a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created...

6.5CVSS6.4AI score0.00898EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/03/14 7:15 p.m.29 views

Design/Logic Flaw

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

4.7CVSS6.5AI score0.00898EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/03/14 6:22 p.m.25 views

CVE-2023-27589 Minio vulnerable to denial of access by an admin privileged user for root credential

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

6.5CVSS6.3AI score0.00898EPSS
Exploits1References4
Rows per page
Query Builder