8 matches found

OSV · added 6 days ago

GHSA-3QG8-5G3R-79V5 praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset

Summary. Type: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORM_JWT_SECRET is unset. A safety check exists but only fires when PLATFORM_ENV != "dev"; the default value of PLATFORM_ENV is "dev", so the check is silently...

CVSS 9.8 · AI score 6 · Exploits 0 · References 2
EUVD · added 2026/05/11 6:39 p.m.

EUVD-2026-29184

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWTSECR...

CVSS 10 · AI score 6 · EPSS 0.00142 · Exploits 0 · References 3
RedhatCVE · added 2026/03/12 11:23 p.m.

CVE-2026-32237

A data exposure flaw has been discovered in the @backstage/plugin-scaffolder-backend npm library. Authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log outp...

CVSS 6.5 · AI score 5.7 · EPSS 0.00037 · Exploits 0 · References 5
Cvelist · added 2026/03/12 6:38 p.m.

CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...

CVSS 4.4 · EPSS 0.00037 · Exploits 0 · References 2
OSV · added 2026/03/12 2:51 p.m.

GHSA-8WQ8-6859-QX77 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Impact. Authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all parts of the response payload. Deployments that have configured...

CVSS 4.4 · AI score 5.9 · EPSS 0.00037 · Exploits 0 · References 4
EUVD · added 2026/03/12 2:51 p.m.

EUVD-2026-11675

@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint...

CVSS 4.4 · AI score 5.8 · EPSS 0.00037 · Exploits 0 · References 2
OSV · added 2019/09/24 5:15 a.m.

UBUNTU-CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVSS 7.8 · AI score 7.1 · EPSS 0.0006 · Exploits 0 · References 8
Positive Technologies · added 2019/09/24 12:00 a.m.

PT-2019-4758 · Python +2 · Pam-Python +2

Name of the Vulnerable Software and Affected Versions: pam-python versions prior to 1.0.7-1. Description: The issue is related to insecure privilege management in the pam-python PAM module, which allows an attacker to escalate privileges using a specially crafted binary file with the setuid flag...

CVSS 7.8 · AI score 7.7 · EPSS 0.0006 · Exploits 0 · References 32