Lucene search
K

40 matches found

Wolfi
Wolfi
added 2026/06/02 1:48 a.m.16 views

GHSA-3PV8-6F4R-FFG2 vulnerabilities

Vulnerabilities for packages: wasm-pack, litmus, cleave, cargo-c, sccache, qdrant, rustup, zizmor, rye, deno, buck2, wasmcloud...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/09 6:29 p.m.5 views

CVE-2025-14261

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS7AI score0.00273EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/08 9:30 p.m.5 views

EUVD-2025-201794

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS6.4AI score0.00273EPSS
Exploits0References3
NVD
NVD
added 2025/12/08 7:15 p.m.7 views

CVE-2025-14261

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/08 6:12 p.m.5 views

CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS6.6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/08 6:12 p.m.26 views

CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS0.00273EPSS
Exploits0References2
OSV
OSV
added 2025/12/08 6:12 p.m.13 views

CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.10 views

LitmusChaos 安全特征问题漏洞

LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. LitmusChaos suffers from a Security Feature Issue vulnerability that stems from a JWT signing key that is too short, which could lead to authentication bypass...

7.1CVSS6.7AI score0.00273EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.6 views

PT-2025-49585

Name of the Vulnerable Software and Affected Versions Litmus Platform affected versions not specified Description The Litmus platform utilizes JWT for authentication and authorization; however, the JWT signing secret key is only 6 bytes in length, making it susceptible to cracking. This allows fo...

7.1CVSS6.6AI score0.00273EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-24075

Malicious code in bioql PyPI...

7.8CVSS5.6AI score0.00236EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-27552

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.003EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/12 12:20 a.m.18 views

CVE-2025-56405

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...

7.5CVSS6.9AI score0.003EPSS
Exploits1References1
NVD
NVD
added 2025/09/10 2:15 p.m.10 views

CVE-2025-56405

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...

7.5CVSS0.003EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/10 12:0 a.m.3 views

CVE-2025-56405

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...

6.3AI score0.003EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.7 views

Litmus MCP Server 安全漏洞

Litmus MCP Server is a Litmus open source MCP server for configuring Litmus instances. A security vulnerability exists in Litmus MCP Server version 0.0.1 and earlier, which originates from the possibility that an unauthorized attacker could take control of the target MCP service...

7.5CVSS6.6AI score0.003EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37050

Name of the Vulnerable Software and Affected Versions: litmusautomation litmus-mcp-server versions through 0.0.1 Description: An issue allows unauthorized attackers to control the target's MCP service through the SSE Server-Sent Events protocol. Recommendations: At the moment, there is no...

7.5CVSS6.2AI score0.003EPSS
Exploits1References5
OSV
OSV
added 2025/09/10 12:0 a.m.4 views

CVE-2025-56405

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...

7.5CVSS7AI score0.003EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/10 12:0 a.m.13 views

CVE-2025-56405

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...

0.003EPSS
Exploits1References2
CVE
CVE
added 2025/09/10 12:0 a.m.24 views

CVE-2025-56405

The CVE-2025-56405 entry concerns litmusautomation litmus-mcp-server up to version 0.0.1, where an issue allows unauthorized attackers to control the target MCP service via the SSE protocol. The NVD/SCA records indicate CVSSv3.1 base score 7.5 (High) with NETWORK attack vector, LOW attack complex...

7.5CVSS6.3AI score0.003EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/12 6:36 a.m.8 views

CVE-2025-8796

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/deleteproject/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack...

5.5CVSS7.2AI score0.00372EPSS
Exploits1References1
Rows per page
Query Builder