Lucene search
+L

201 matches found

Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.7 views

PT-2024-35161 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.2 Description: The issue allows attackers to forge JWT and take over services due to the JWT secret being hardcoded in the code. Additionally, the UID and OID are also hardcoded. This has been fixed in version...

9.8CVSS7.2AI score0.00833EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.5 views

PT-2024-12138 · Dragonfly · Dragonfly

Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.0.9 Description: The issue concerns Dragonfly, an open-source P2P-based file distribution and image acceleration system. It uses JWT to verify users, but the secret key for JWT is hardcoded, leading to...

9.8CVSS7.4AI score0.33618EPSS
Exploits1References22
OSV
OSV
added 2024/08/21 2:17 p.m.56 views

GO-2023-2022 Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker

Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker...

7.5CVSS7.4AI score0.03147EPSS
Exploits0References5
Ivanti
Ivanti
added 2024/07/16 9:6 a.m.9 views

SA-2024-07-12-CVE-2024-38648

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-38648 CVE Reserved | 9.0...

9CVSS6.4AI score0.00554EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.28 views

Authentication bypass in dtale

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8CVSS10AI score0.77803EPSS
Exploits5References5Affected Software1
OSV
OSV
added 2024/06/06 7:16 p.m.4 views

PYSEC-2024-117

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8CVSS8AI score0.77803EPSS
Exploits5References4
PyPA
PyPA
added 2024/06/06 7:16 p.m.6 views

PYSEC-2024-117

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8CVSS8.9AI score0.77803EPSS
Exploits5References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/12 12:0 a.m.18 views

Apache Superset < 2.1.0 Hardcoded Secret Key

Apache Superset versions prior to 2.1.0 uses a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate himself as administrator. No source data...

9.8CVSS7.3AI score0.97405EPSS
Exploits20References3
Positive Technologies
Positive Technologies
added 2024/04/07 12:0 a.m.8 views

PT-2024-21918 · Unknown · Zlmediakit

Name of the Vulnerable Software and Affected Versions: ZLMediaKit versions 1.0 through 8.0 Description: The issue allows remote attackers to escalate privileges and obtain sensitive information due to an Incorrect Access Control vulnerability. The application system enables the http API interface...

9.8CVSS7.3AI score0.0063EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.5 views

PT-2024-22328 · Unknown · Yourspotify

Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.8.0 Description: The issue concerns the use of a hardcoded JSON Web Token JWT secret in authentication tokens. This allows attackers to forge valid authentication tokens for any user, effectively bypassing...

9.8CVSS7.3AI score0.00823EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.3 views

PT-2024-25690

Name of the Vulnerable Software and Affected Versions man-group/dtale version 3.10.0 Description The issue arises from improper input validation, leading to an authentication bypass and remote code execution RCE. A hardcoded SECRET KEY in the flask configuration allows attackers to forge a sessio...

10CVSS8.8AI score0.77803EPSS
Exploits5References17
Github Security Blog
Github Security Blog
added 2024/01/13 3:30 a.m.24 views

EverShop at risk to unauthorized access via weak HMAC secret

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...

9.1CVSS6.8AI score0.00498EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/01/13 2:15 a.m.3 views

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References3
OSV
OSV
added 2024/01/13 2:15 a.m.7 views

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/13 12:0 a.m.4 views

EverShop Security Breach

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8, which stems from the HMAC secret used to generate tokens being hardcoded as "secret"...

9.1CVSS6.7AI score0.00498EPSS
Exploits0References3
OSV
OSV
added 2024/01/12 4:15 p.m.7 views

CVE-2023-28897

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References1
NVD
NVD
added 2024/01/12 4:15 p.m.34 views

CVE-2023-28897

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...

9.8CVSS5.7AI score0.00312EPSS
Exploits0References1
OSV
OSV
added 2024/01/12 3:15 p.m.6 views

CVE-2023-49259

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time...

7.5CVSS5.8AI score0.00556EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.5 views

PT-2024-13716 · Hongdian · H8951-4G-Esp +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The authentication cookies are generated using an algorithm based on the username, a hardcoded secret, and the up-time, and can be guessed in a reasonab...

9.8CVSS7.5AI score0.00556EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.8 views

PT-2024-13391 · Npm · @Evershop/Evershop

Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8 Description: An issue was discovered in NPM's package @evershop/evershop where the HMAC secret used for generating tokens is hardcoded as "secret". This poses a risk because attackers can use th...

9.1CVSS6.6AI score0.00498EPSS
Exploits0References11
Rows per page
Query Builder