
701 matches found

Cvelist
added 2025/12/08 6:12 p.m. | 21 views

CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

CVSS 7.1 | EPSS 0.00268
Exploits: 0 | References: 2
CVE
added 2025/12/08 6:12 p.m. | 17 views

CVE-2025-14261

CVE-2025-14261 affects the Litmus platform where JWT signing uses a 6-byte secret. The root cause is extremely low entropy in the signing key, enabling brute-force access to valid tokens and potential elevation of privileges (e.g., registered users gaining admin capabilities) as described across ...

CVSS 7.1 | AI score 6.6 | EPSS 0.00268
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/04 12:0 a.m. | 9 views

PT-2025-49153

Name of the Vulnerable Software and Affected Versions: Silicon Labs Simplicity Device Manager (affected versions not specified). Description: The web interface of the Silicon Labs Simplicity Device Manager, when exposed publicly, allows an attacker to extract the NTLMv2 hash. This hash can then be use...

CVSS 7.4 | AI score 6.4 | EPSS 0.0016
Exploits: 0 | References: 4
Imperva Blog
added 2025/12/03 9:40 a.m. | 5 views

’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season

The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks spike sharply in November and December,...

AI score 7.1
Exploits: 0
OSV
added 2025/12/02 12:37 a.m. | 4 views

GHSA-GQ3G-666W-7H85 Grav Exposes Password Hashes Leading to privilege escalation

Exposure of Password Hashes Leading to privilege escalation. Severity Rating: Medium. Vector: Privilege Escalation. CVE: XXX. CWE: 200 - Exposure of Sensitive Information. CVSS Score: 6.2. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L. Analysis: It was observed that if a user is given read...

CVSS 6.2 | AI score 7.2 | EPSS 0.00359
Exploits: 1 | References: 4
CNNVD
added 2025/11/03 12:0 a.m. | 5 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.3 that stems from the disclosure o...

CVSS 6.5 | AI score 6.1 | EPSS 0.00949
Exploits: 0 | References: 3
OSV
added 2025/10/31 7:15 p.m. | 4 views

CVE-2025-62618

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...

CVSS 8.6 | AI score 7 | EPSS 0.00291
Exploits: 0 | References: 5
Cvelist
added 2025/10/31 6:31 p.m. | 7 views

CVE-2025-62618 ELOG file upload stored XSS

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...

CVSS 8.6 | EPSS 0.00291
Exploits: 0 | References: 5
GithubExploit
added 2025/10/28 7:50 p.m. | 112 views

WordPressCVEExploitProject

CVE Session 1 How to Run exploit 1. Build the docker...

AI score 6.7
Exploits: 0
CNNVD
added 2025/10/25 12:0 a.m. | 3 views

Microweber CMS Security Vulnerability

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in version 2.0 of Microweber CMS, which stems from lax password requirements and could lead to account cracking...

CVSS 8.3 | AI score 6.6 | EPSS 0.00417
Exploits: 1 | References: 1
GithubExploit
added 2025/10/19 11:52 a.m. | 278 views

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CMS Made Simple ⚠️ Disclaimer: This script is for edu...

CVSS 8.1 | AI score 8.1 | EPSS 0.55958
Exploits: 38
Packet Storm News
added 2025/10/17 12:0 a.m. | 7 views

When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking

The remarkable capabilities of Large Language Models (LLMs) in natural language understanding and generation have sparked interest in their potential for cybersecurity applications, including password guessing. In this study, we conduct an empirical investigation into the efficacy of pre-trained LL...

AI score 7.1
Exploits: 0
Trellix
added 2025/10/15 12:0 a.m. | 4 views

The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection

The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection. By Maulik Maheta · October 15, 2025. Executive summary: Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory (AD) accounts with Kerberos...

AI score 5.5
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-11480

Malware in sbrugna...

CVSS 5.5 | AI score 5.5 | EPSS 0.00216
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-6625

Malware in sbrugna...

CVSS 7.5 | AI score 7.8 | EPSS 0.00982
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-14645

Malware in sbrugna...

CVSS 7.1 | AI score 6 | EPSS 0.05224
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2002-0697

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0245
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2014-9498

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00808
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-20632

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00908
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-20730

Malware in sbrugna...

CVSS 9.3 | AI score 8 | EPSS 0.01161
Exploits: 0 | References: 3