Lucene search
K

9 matches found

OSV
OSV
added 2026/04/28 6:30 p.m.8 views

GHSA-QPV2-RWC8-C993 Netmaker does not verify JWT signatures for host tokens

Netmaker by Gravitl is an open-source WireGuard-based networking platform for creating and managing virtual overlay networks. The VerifyHostToken function in logic/jwts.go does not validate the JWT signature when verifying host tokens. After calling jwt.ParseWithClaims, the function only checks...

9.2CVSS5.8AI score0.00298EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2021-9273

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00836EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:13 p.m.10 views

CVE-2021-22115

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...

6.5CVSS7AI score0.00836EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 9:15 p.m.9 views

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

9.8CVSS5.8AI score0.00474EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.6 views

SUSE CVE-2021-22115

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...

6.5CVSS6.7AI score0.00836EPSS
Exploits0References3
OSV
OSV
added 2023/01/12 11:15 p.m.4 views

CVE-2023-22597

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...

5.9CVSS6.3AI score0.00513EPSS
Exploits0References1
NVD
NVD
added 2021/04/08 6:15 p.m.26 views

CVE-2021-22115

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...

6.5CVSS0.00836EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2011/09/07 4:39 p.m.5 views

cumin: broker username/password appears in the log file

Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...

4.6CVSS5.8AI score0.00391EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/09/07 4:34 p.m.7 views

cumin: broker username/password appears in the log file

Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...

4.6CVSS5.8AI score0.00391EPSS
Exploits0References4
Rows per page
Query Builder