CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8091 matches found

Vulnrichment•added 2025/10/09 8:20 p.m.•2 views

CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key

Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

6.3CVSS6.7AI score0.00048EPSS

Exploits0References2

CNNVD•added 2025/10/09 12:0 a.m.•1 views

Newforma Project Center Server 安全漏洞

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center Server suffers from an information...

6.3CVSS5.7AI score0.00048EPSS

Exploits0References2

CNNVD•added 2025/10/09 12:0 a.m.•1 views

Allstar 信任管理问题漏洞

Allstar is an Open Source Security Foundation open source security policy software. A trust management issue vulnerability exists in Allstar versions prior to 4.5, which stems from the Reviewbot component using a hard-coded shared key to validate an inbound webhook request, which could lead to a...

8.2CVSS8.8AI score0.00081EPSS

Exploits0References4

Tenable Nessus•added 2025/10/09 12:0 a.m.•3 views

Barco ClickShare Devices Use of Hard-coded Credentials (CVE-2019-18831)

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

5.3CVSS5.7AI score0.0022EPSS

Exploits0References7

Positive Technologies•added 2025/10/09 12:0 a.m.•1 views

PT-2025-41468

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX versions 2023.3 and 2024.1 Description Newforma Info Exchange NIX utilizes a hard-coded key for encrypting query parameters. Certain encrypted parameter values can define file paths for download, potentially...

6.3CVSS6.8AI score0.00048EPSS

Exploits0References5

Positive Technologies•added 2025/10/09 12:0 a.m.•2 views

PT-2025-41496

Name of the Vulnerable Software and Affected Versions Allstar versions prior to 4.5 Description Allstar is a GitHub App used for setting and enforcing security policies. A flaw exists in the Reviewbot component where inbound webhook requests were validated against a hard-coded, shared secret. Thi...

9.9CVSS6.6AI score0.06448EPSS

Exploits11References53

Positive Technologies•added 2025/10/09 12:0 a.m.•2 views

PT-2025-41472

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description The software contains a flaw in the '/UserWeb/Common/MarkupServices.ashx' endpoint, specifically within the StreamStampImage function. This function processes encrypted fil...

6.9CVSS6.3AI score0.0015EPSS

Exploits0References6

NVD•added 2025/10/08 10:15 p.m.•3 views

CVE-2017-20201

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

9.3CVSS0.00141EPSS

Exploits0References8

CVE•added 2025/10/08 10:4 p.m.•24 views

CVE-2017-20201

CVE-2017-20201 affects CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit). A malicious pre-entry-point loader diverts from __scrt_common_main_seh to a custom loader that decodes an embedded blob into shellcode, allocates executable memory, resolves Windows API calls at runtime, and transf...

9.3CVSS6.7AI score0.00141EPSS

Exploits0References8

RedhatCVE•added 2025/10/08 6:18 p.m.•5 views

CVE-2025-11290

A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. Attacks of...

8.1CVSS6.6AI score0.00041EPSS

Exploits0References1

Positive Technologies•added 2025/10/08 12:0 a.m.•2 views

PT-2025-41312

Name of the Vulnerable Software and Affected Versions CCleaner versions 5.33.6162 CCleaner Cloud versions 1.07.3191 Description CCleaner and CCleaner Cloud contained a malicious pre-entry-point loader that redirects execution to a custom loader. This loader decodes an embedded blob into shellcode...

9.3CVSS6.9AI score0.00141EPSS

Exploits0References10

RedhatCVE•added 2025/10/07 6:9 a.m.•4 views

CVE-2025-11284

A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of...

7.5CVSS6.6AI score0.00061EPSS

Exploits0References1