
7551 matches found

EUVD
added 2025/10/15 3:30 p.m., 5 views

EUVD-2025-34618

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...

9.4 CVSS, 6.5 AI score, 0.00451 EPSS
Exploits: 1, References: 2
OSV
added 2025/10/15 3:16 p.m., 3 views

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...

9.4 CVSS, 5.7 AI score, 0.00451 EPSS
Exploits: 1, References: 1
NVD
added 2025/10/15 3:16 p.m., 3 views

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...

9.4 CVSS, 0.00451 EPSS
Exploits: 1, References: 1
CVE
added 2025/10/15 12:00 a.m., 11 views

CVE-2025-56749

The CVE-2025-56749 issue affects Creativeitem Academy LMS up to version 6.14, where a hardcoded default JWT secret allows forging valid tokens, enabling authentication bypass and unauthorized access to user accounts. Multiple connected sources corroborate the vulnerability across NVD, Red Hat, EN...

9.4 CVSS, 6.7 AI score, 0.00451 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2025/10/15 12:00 a.m., 2 views

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...

6.7 AI score, 0.00451 EPSS
Exploits: 1, References: 1
The Hacker News
added 2025/10/14 4:55 p.m., 10 views

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as...

6.9 AI score
Exploits: 0
RedhatCVE
added 2025/10/14 7:42 a.m., 3 views

CVE-2025-8915

Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Man-in-the-middle attack via the network...

8.7 CVSS, 6.8 AI score, 0.00186 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/13 9:30 a.m., 2 views

EUVD-2025-34056

Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Man-in-the-middle attack via the network...

8.7 CVSS, 6.3 AI score, 0.00186 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/10/13 7:46 a.m., 6 views

Malicious code in mcp-runcmd-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e5608c421ba44a3a2e20b924bd3399d6452dba66e7aea10a0fcdc8044f5a996 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7.6 AI score
Exploits: 0, References: 1
OSV
added 2025/10/13 7:46 a.m., 3 views

MAL-2025-191788 Malicious code in mcp-runcmd-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e5608c421ba44a3a2e20b924bd3399d6452dba66e7aea10a0fcdc8044f5a996 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7.5 AI score
Exploits: 0, References: 1
NVD
added 2025/10/13 7:15 a.m., 3 views

CVE-2025-8915

Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Man-in-the-middle attack via the network...

8.7 CVSS, 0.00186 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/10/13 6:58 a.m., 2 views

CVE-2025-8915 Hardcoded TLS private key in Kiloview N30 firmware

Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Man-in-the-middle attack via the network...

8.7 CVSS, 6.5 AI score, 0.00186 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/13 6:58 a.m., 6 views

CVE-2025-8915 Hardcoded TLS private key in Kiloview N30 firmware

Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Man-in-the-middle attack via the network...

8.7 CVSS, 0.00186 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/13 6:58 a.m., 11 views

CVE-2025-8915

The CVE-2025-8915 entry concerns Kiloview N30 firmware version 2.02.246 that contains a hardcoded TLS private key and certificate. This insecure artifact enables a malicious actor to perform a network-based Man-in-the-Middle attack. The vulnerability is characterized by a high impact on confident...

8.7 CVSS, 6.5 AI score, 0.00186 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/10/13 12:00 a.m., 5 views

PT-2025-41763

Name of the Vulnerable Software and Affected Versions: Kiloview N30 version 2.02.246. Description: The firmware contains a hardcoded TLS private key and certificate. This allows a malicious actor to perform a man-in-the-middle attack over the network. Recommendations: At the moment, there is no...

8.7 CVSS, 6.3 AI score, 0.00186 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/10/11 12:00 a.m., 4 views

EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2025-2221)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init defau...

8.8 CVSS, 5.6 AI score, 0.00205 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/10/10 8:22 p.m., 2 views

CVE-2025-35056

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...

6.9 CVSS, 6.7 AI score, 0.00351 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2004-2547

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.02987 EPSS
Exploits: 1, References: 10
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2015-2992

Malware in sbrugna...

8.3 CVSS, 6.4 AI score, 0.00892 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-13908

Malware in sbrugna...

9.8 CVSS, 9.4 AI score, 0.158 EPSS
Exploits: 1, References: 2