8 matches found
CVE-2026-45336 HireFlow: Use of Hard-coded Credentials
HireFlow is a web-based interview management system for managing candidates, scheduling interviews, and tracking hiring progress. In 1.2 and earlier, app.py assigns a hard-coded Flask secretkey used to sign session cookies, allowing unauthenticated attackers who know the public source value to...
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524: Apache Superset Auth Bypass and RCE Apache Su...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hardcoded credentials
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
PYSEC-2022-43135
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Kubernetes: elections.k8s.io uses weak session secret key, may place elections at risk
The elections.k8s.io application used a weak Flask SECRETKEY, the string "N/A", to sign authentication cookies. This allowed the complete compromise of the application, as the session could be manipulated...