CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/05/12 3:9 p.m.•6 views

NPM: sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

NPM: sealed-env: TOTP secret embedded in unseal token payload enterprise mode vulnerability discovered by ? in WordPress Npm sealed-env versions 0.1.0-alpha.4...

Exploits1References3Affected Software1

OSV•added 2026/05/12 3:9 p.m.•1 views

GHSA-X3R2-FJ3R-G5MV sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

EUVD•added 2026/05/12 3:9 p.m.•6 views

Exploits1References3

EUVD-2026-29476

sealed-env: TOTP secret embedded in unseal token payload enterprise mode...

Vulnrichment•added 2026/05/12 1:20 p.m.•5 views

CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

CVE•added 2026/05/12 1:20 p.m.•5 views

CVE-2026-45091

CVE-2026-45091 affects sealed-env in enterprise mode prior to 0.1.0-alpha.4. In versions 0.1.0-alpha.1 to alpha.3, the operator’s literal TOTP secret was embedded in the JWS payload of every minted unseal token. The JWS payload is base64-encoded JSON, not encrypted, allowing anyone who can observ...

Cvelist•added 2026/05/12 1:20 p.m.•25 views

CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

9.1CVSS0.00014EPSS

CNNVD•added 2026/05/12 12:0 a.m.•3 views

sealed-env 信息泄露漏洞

Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...

ATTACKERKB•added 2022/05/20 3:15 p.m.•1 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

9.8CVSS7.2AI score0.00466EPSS

Exploits0References3

CNVD•added 2018/07/18 12:0 a.m.•1 views

Microsoft Enterprise Mode Site List Manager XML External Entity Injection Vulnerability

The Microsoft Enterprise Mode Site List Manager Enterprise Mode Site List Manager tool allows IT professionals to create and update Enterprise Mode Site Lists for their companies without the need to directly edit XML. Microsoft Enterprise Mode Site List Manager XML External Entity Injection...

7.1AI score

Exploits0References1

exploitpack•added 2018/07/16 12:0 a.m.•24 views

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-ENTERPRISE-MODE-SITE-LIST-MANAGER-XXE.txt + ISR: Apparition Security Greetz:...

7.7AI score

Packet Storm•added 2018/07/16 12:0 a.m.•35 views

Microsoft Windows Enterprise Mode Site List 1/2 XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-ENTERPRISE-MODE-SITE-LIST-MANAGER-XXE.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor ============= www.microsoft Product ===========...

7.4AI score

Exploit DB•added 2018/07/16 12:0 a.m.•50 views

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

7.4AI score

0day.today•added 2018/07/16 12:0 a.m.•23 views

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Vulnerability

Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor ============= www.microsoft Product =========== Enterprise Mode Site List Manager versions1/2 You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain...