Lucene search
+L

201 matches found

Vulnrichment
Vulnrichment
added 2025/10/15 12:0 a.m.3 views

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...

6.7AI score0.00445EPSS
Exploits1References1
CVE
CVE
added 2025/10/15 12:0 a.m.13 views

CVE-2025-56749

The CVE-2025-56749 issue affects Creativeitem Academy LMS up to version 6.14, where a hardcoded default JWT secret allows forging valid tokens, enabling authentication bypass and unauthorized access to user accounts. Multiple connected sources corroborate the vulnerability across NVD, Red Hat, EN...

9.4CVSS6.7AI score0.00445EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-16550

Malware in sbrugna...

7.5CVSS6.5AI score0.01458EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-5755

Malware in sbrugna...

7.5CVSS7.8AI score0.01383EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3880

Malicious code in bioql PyPI...

5CVSS6.5AI score0.01244EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54777

Malicious code in bioql PyPI...

9CVSS9.2AI score0.00554EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14597

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.003EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-23514

Malicious code in bioql PyPI...

9CVSS9.2AI score0.00622EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-0108

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01035EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12378

Malicious code in bioql PyPI...

3.4CVSS6.6AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/20 9:13 p.m.15 views

CVE-2025-54807

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...

9.8CVSS7.1AI score0.0068EPSS
Exploits0References1
NVD
NVD
added 2025/09/18 9:15 p.m.32 views

CVE-2025-54807

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...

9.8CVSS0.0068EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.8 views

PT-2025-34744

Name of the Vulnerable Software and Affected Versions: egOS WebGUI affected versions not specified Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass...

9.8CVSS6.5AI score0.00491EPSS
Exploits0References13
CVE
CVE
added 2025/08/21 12:0 a.m.34 views

CVE-2025-51606

CVE-2025-51606 affects hippo4j versions 1.0.0 through 1.5.0. The root cause is a hard-coded secret key used during JWT creation, enabling an attacker with access to source code or binaries to forge valid tokens and impersonate any user, including privileged ones like admin. The NVD metrics assign...

8.8CVSS7.5AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/06 12:14 a.m.12 views

CVE-2025-44963

RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...

9CVSS9.3AI score0.00622EPSS
Exploits0References1
OSV
OSV
added 2025/08/04 5:15 p.m.14 views

CVE-2025-44963

RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...

8.1CVSS5.8AI score0.00622EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/04 12:0 a.m.38 views

CVE-2025-44963

RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...

9CVSS0.00622EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/14 4:17 a.m.14 views

CVE-2024-38648

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...

9CVSS8.9AI score0.00554EPSS
Exploits0References1
NVD
NVD
added 2025/07/12 4:15 a.m.7 views

CVE-2024-38648

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...

9CVSS0.00554EPSS
Exploits0References1
OSV
OSV
added 2025/07/12 4:15 a.m.5 views

CVE-2024-38648

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...

5.7CVSS7.3AI score0.00554EPSS
Exploits0References1
Rows per page
Query Builder