Lucene search
+L

201 matches found

snyk
snyk
added 2026/02/05 12:36 a.m.7 views

Insecure Default Initialization of Resource

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the use of a hardcoded JWT secret in the default configuration. An attacker can gain administrative access...

9.8CVSS6AI score0.00759EPSS
Exploits0References3
github
github
added 2026/02/05 12:36 a.m.13 views

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration

Description An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This...

9.8CVSS6.3AI score0.00759EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/02/04 8:6 p.m.3 views

CVE-2026-25505 Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References7
cvelist
cvelist
added 2026/02/04 8:6 p.m.28 views

CVE-2026-25505 Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS0.00724EPSS
Exploits1References7
euvd
euvd
added 2026/02/04 8:6 p.m.11 views

EUVD-2026-5350

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References3
osv
osv
added 2026/02/04 8:6 p.m.6 views

CVE-2026-25505 Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References9
github
github
added 2026/02/02 9:21 p.m.11 views

Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...

9.8CVSS5.5AI score0.00724EPSS
Exploits1References9Affected Software1
osv
osv
added 2026/02/02 9:21 p.m.10 views

GHSA-GC24-PX2R-5QMF Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...

9.8CVSS5.6AI score0.00724EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/02/02 12:0 a.m.11 views

PT-2026-6298

Name of the Vulnerable Software and Affected Versions Bambuddy versions prior to 0.1.7 Description Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Versions before 0.1.7 include a hardcoded secret key used for signing JSON Web Tokens JWTs. Multiple API rout...

9.8CVSS5.5AI score0.00724EPSS
Exploits1References19
ptsecurity
ptsecurity
added 2026/02/02 12:0 a.m.6 views

PT-2026-6421

Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...

9.8CVSS5.7AI score0.00724EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/01/09 10:27 a.m.13 views

CVE-2008-7311

The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.actioncontrollersession hash value aka secret key, which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the...

5CVSS6.9AI score0.01244EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:55 a.m.8 views

CVE-2020-12627

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...

9.8CVSS7.3AI score0.01368EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/29 2:3 p.m.6 views

CVE-2025-68948

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

8.1CVSS6.6AI score0.00197EPSS
Exploits1References1
nvd
nvd
added 2025/12/27 1:15 a.m.7 views

CVE-2025-68948

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

8.1CVSS0.00197EPSS
Exploits1References1
euvd
euvd
added 2025/12/27 12:21 a.m.8 views

EUVD-2025-205463

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

6.9CVSS6.2AI score0.00197EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/12/27 12:21 a.m.3 views

CVE-2025-68948 SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

6.9CVSS6.3AI score0.00197EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/12/27 12:0 a.m.8 views

PT-2025-53613

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.1 Description SiYuan Note application uses a hardcoded cryptographic secret for its session store, making session encryption ineffective. The AccessAuthCode, stored in the session cookie, can be decrypted by an...

6.9CVSS6.5AI score0.00197EPSS
Exploits1References4
vulncheck_kev
vulncheck_kev
added 2025/12/19 12:0 a.m.37 views

VulnCheck KEV: CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

9.8CVSS6.7AI score0.77803EPSS
In wildExploits5References64
redhatcve
redhatcve
added 2025/12/11 5:3 a.m.11 views

CVE-2025-65730

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...

8.8CVSS6.8AI score0.00495EPSS
Exploits1References1
githubexploit
githubexploit
added 2025/12/10 5:31 a.m.256 views

Exploit for CVE-2025-55449

CVE-2025-55449 - AstrBot Remote Code Execution RCE Vulnerabi...

9.3AI score0.00281EPSS
Exploits2
Rows per page
Query Builder