7568 matches found

OSV
added 2024/01/03 1:15 p.m. · 3 views

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

CVSS 7.5 · AI score 5.9 · EPSS 0.00892
Exploits: 4 · References: 4

Vulnrichment
added 2024/01/03 12:0 a.m. · 5 views

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

AI score 7.3 · EPSS 0.00892
Exploits: 4 · References: 2

Positive Technologies
added 2024/01/03 12:0 a.m. · 3 views

PT-2024-12647 · Automatic Systems · Automatic Systems Soc Fl9600

Name of the Vulnerable Software and Affected Versions:
Automatic Systems SOC FL9600 FirstLane version V06 lego T04E00
Automatic Systems SOC FL9600 FastLine version v.legoT04E00
Description: An issue in Automatic Systems SOC FL9600 allows a remote attacker to obtain sensitive information because...

CVSS 7.5 · AI score 7.1 · EPSS 0.00892
Exploits: 4 · References: 12

Prion
added 2023/12/28 4:15 a.m. · 15 views

Hardcoded credentials

An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...

CVSS 3.7 · AI score 8 · EPSS 0.00473
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2023/12/27 9:15 p.m. · 1 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

CVSS 6.3 · AI score 5.8 · EPSS 0.00119
Exploits: 1 · References: 1

ATTACKERKB
added 2023/12/27 9:15 p.m. · 2 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

CVSS 6.3 · AI score 5.9 · EPSS 0.00119
Exploits: 1 · References: 2

Prion
added 2023/12/27 9:15 p.m. · 22 views

Hardcoded credentials

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmissio...

CVSS 2.4 · AI score 7 · EPSS 0.00119
Exploits: 1 · References: 1 · Affected Software: 2

Positive Technologies
added 2023/12/27 12:0 a.m. · 3 views

PT-2023-30262 · Phlox · Simple Http Server Plus +1

Name of the Vulnerable Software and Affected Versions:
Phlox com.phlox.simpleserver aka Simple HTTP Server version 1.8
com.phlox.simpleserver.plus aka Simple HTTP Server PLUS version 1.8.1-plus
Description: The issue is related to a hardcoded encryption key, specifically aKySWb2jjrr4dzkYXczKRt7K,...

CVSS 6.3 · AI score 6.4 · EPSS 0.00119
Exploits: 1 · References: 5

Vulnrichment
added 2023/12/27 12:0 a.m. · 9 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

AI score 6.8 · EPSS 0.00119
Exploits: 1 · References: 1

Prion
added 2023/12/26 8:15 a.m. · 14 views

Hardcoded credentials

VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user...

CVSS 2.1 · AI score 7.3 · EPSS 0.00231
Exploits: 0 · References: 2 · Affected Software: 1

Veracode
added 2023/12/20 7:22 a.m. · 19 views

Authentication Bypass

github.com/navidrome/navidrome is vulnerable to Authentication bypass. The vulnerability is due to the DefaultGet function within auth.go which is used to retrieve the JWT secret key from the database. If the key is not found or an error occurs during retrieval, it defaults to using the hardcoded...

CVSS 8.6 · AI score 6.8 · EPSS 0.0069
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2023/12/20 1:15 a.m. · 17 views

Hardcoded credentials

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220...

CVSS 5 · AI score 6.8 · EPSS 0.00609
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/12/20 12:0 a.m. · 7 views

PT-2023-8171 · Oracle +1 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower Pro (affected versions not specified)
Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the configuration of a MySQL instance, resulting from...

CVSS 7.8 · AI score 7.4 · EPSS 0.00234
Exploits: 0 · References: 6

GitHub Security Blog
added 2023/12/19 11:37 p.m. · 35 views

Authentication bypass vulnerability in navidrome's subsonic endpoint

Summary: A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited o...

CVSS 8.6 · AI score 7.7 · EPSS 0.0069
Exploits: 1 · References: 4 · Affected Software: 1

ICS
added 2023/12/12 12:0 a.m. · 61 views

Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 6.9 · AI score 7.8 · EPSS 0.007
Exploits: 0 · References: 10

Positive Technologies
added 2023/12/11 12:0 a.m. · 5 views

PT-2023-25650 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2
Description: A hard-coded cryptographic private key used to sign JWT authentication tokens allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via...

CVSS 7.5 · AI score 7.7 · EPSS 0.00754
Exploits: 1 · References: 6

OSV
added 2023/12/07 6:15 p.m. · 4 views

CVE-2023-40300

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...

CVSS 9.8 · AI score 5.8 · EPSS 0.00706
Exploits: 0 · References: 1

NVD
added 2023/12/07 6:15 p.m. · 12 views

CVE-2023-40300

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...

CVSS 9.8 · EPSS 0.00706
Exploits: 0 · References: 1

ATTACKERKB
added 2023/12/07 6:15 p.m. · 8 views

CVE-2023-40300

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...

CVSS 9.8 · AI score 5.7 · EPSS 0.00706
Exploits: 0 · References: 2

Prion
added 2023/12/07 6:15 p.m. · 17 views

Hardcoded credentials

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...

CVSS 7.5 · AI score 7.2 · EPSS 0.00706
Exploits: 0 · References: 1 · Affected Software: 1