CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7559 matches found

Vulnrichment•added 2024/09/26 12:0 a.m.•12 views

CVE-2024-46328

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root...

7.4AI score0.00225EPSS

Exploits0References1

NVD•added 2024/09/25 1:15 a.m.•15 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

9.8CVSS0.00607EPSS

Exploits1References2

OSV•added 2024/09/25 1:15 a.m.•5 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

9.8CVSS5.8AI score0.00607EPSS

Exploits1References2

GithubExploit•added 2024/09/24 6:12 p.m.•214 views

Exploit for Use of Hard-coded Credentials in Solarwinds Web_Help_Desk

CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential...

9.1CVSS9.6AI score0.93159EPSS

Exploits5

Cvelist•added 2024/09/24 12:0 a.m.•20 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

0.00607EPSS

Exploits1References2

Vulnrichment•added 2024/09/24 12:0 a.m.•14 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

7.5AI score0.00607EPSS

Exploits1References2

Positive Technologies•added 2024/09/24 12:0 a.m.•6 views

PT-2024-32076 · Icecms · Icecms

Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows an attacker to forge JWT authentication information due to a hardcoded JWT key. Recommendations: For IceCMS versions 3.4.7 and earlier, update to a version that does not contain...

9.8CVSS7.1AI score0.00607EPSS

Exploits1References6

CVE•added 2024/09/24 12:0 a.m.•85 views

CVE-2024-46612

IceCMS v3.4.7 and earlier versions contain a hardcoded JWT key, enabling an attacker to forge JWT authentication information. Affected component is the authentication/key handling within IceCMS. Impact is authenticated access forgery with high severity as described in cited sources; exploitation ...

9.8CVSS7.5AI score0.00607EPSS

Exploits1References2Affected Software1

OSSF Malicious Packages•added 2024/09/23 5:3 p.m.•5 views

Malicious code in mennort (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a18b704aee3dd3fa8d54027bbe2d6634696fcffaf194410e38fb5318d0d2a534 Package sends out the data to a hardcoded webhook. However, it's clearly said in the description, thus - not really malicious. --- Category: PROBABLYPENTEST -...

7.1AI score

Exploits0References1

OSV•added 2024/09/23 5:3 p.m.•6 views

MAL-2024-12305 Malicious code in mennort (PyPI)

7AI score

Exploits0References1

Positive Technologies•added 2024/09/19 12:0 a.m.•2 views

PT-2024-12138 · Dragonfly · Dragonfly

Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.0.9 Description: The issue concerns Dragonfly, an open-source P2P-based file distribution and image acceleration system. It uses JWT to verify users, but the secret key for JWT is hardcoded, leading to...

9.8CVSS7.4AI score0.33618EPSS

Exploits1References22

Positive Technologies•added 2024/09/19 12:0 a.m.•6 views

PT-2024-10438

Name of the Vulnerable Software and Affected Versions Yeti platform affected versions not specified Description The issue is related to the use of hardcoded credentials. An attacker can exploit this to gain elevated privileges by utilizing a static JWT token. Recommendations At the moment, there ...

10CVSS5.8AI score0.00429EPSS

Exploits3References8

OSV•added 2024/09/18 6:15 p.m.•4 views

CVE-2023-41610

Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext...

8.8CVSS5.8AI score0.00398EPSS

Exploits1References1

ATTACKERKB•added 2024/09/18 6:15 p.m.•4 views

CVE-2023-41611

Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data...

6.5CVSS5.8AI score0.0035EPSS

Exploits0References2

OSV•added 2024/09/18 6:15 p.m.•1 views

CVE-2023-41611

Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data...

6.5CVSS5.8AI score0.0035EPSS

Exploits0References1

ATTACKERKB•added 2024/09/18 6:15 p.m.•4 views

CVE-2023-41610

Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext...

8.8CVSS5.8AI score0.00398EPSS

Exploits1References2

Vulnrichment•added 2024/09/18 12:0 a.m.•11 views

CVE-2023-41610

Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext...

7.5AI score0.00398EPSS

Exploits1References1

CVE•added 2024/09/18 12:0 a.m.•72 views

CVE-2023-41611

CVE-2023-41611 affects Victure PC420 firmware version 1.1.39. Root cause: use of a weak, partially hardcoded key to encrypt data. Impact aligns with confidentiality issues; CVSS v3.1 base score 6.5 (Network, Low integrity/availability impact). Exploitation details are not provided in the document...

6.5CVSS7.2AI score0.0035EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/09/18 12:0 a.m.•13 views

CVE-2023-41611

Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data...

0.0035EPSS

Exploits0References1

Positive Technologies•added 2024/09/18 12:0 a.m.•4 views

PT-2024-12945 · Victure · Victure Pc420

Name of the Vulnerable Software and Affected Versions: Victure PC420 version 1.1.39 Description: The issue is related to the use of a weak and partially hardcoded key for data encryption. Recommendations: For Victure PC420 version 1.1.39, at the moment, there is no information about a newer versi...

6.5CVSS6.9AI score0.0035EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by