Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2018-2882

Malware in sbrugna...

7.5CVSS7.5AI score0.00197EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2018-3017

Malware in sbrugna...

7.5CVSS7.5AI score0.00284EPSS
Exploits1References4
Cvelist
Cvelistadded 2022/12/27 10:37 p.m.13 views

CVE-2021-4290 DHBW Fallstudie Login passport.js sql injection

A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is...

5.5CVSS10AI score0.00297EPSS
Exploits0References3
CNVD
CNVDadded 2018/06/07 12:0 a.m.2 views

Dedos-web Hardcoded Password Vulnerability

Dedos-web is a set of online tools for executing programs designed using DEDOS-Editor. A security vulnerability exists in version 1.0 of Dedos-web. The vulnerability stems from the program's use of the Passport.js package to provide authentication policies. An attacker can exploit the vulnerabili...

7.5CVSS7.8AI score0.00197EPSS
Exploits1References1
CNVD
CNVDadded 2018/06/07 12:0 a.m.1 views

GamerPolls Removes Use of Hardcoded Exploits

GamerPolls is a polling stats graph display plugin. A security vulnerability exists in GamerPolls version 0.4.6 that stems from the program's use of the Passport.js package to provide authentication policies. An attacker can exploit the vulnerability to bypass authentication...

7.5CVSS7.6AI score0.00284EPSS
Exploits1References1
Prion
Prionadded 2018/06/05 3:29 p.m.9 views

Hardcoded credentials

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...

7.5CVSS7.2AI score0.00197EPSS
Exploits1References2Affected Software1
NVD
NVDadded 2018/06/05 3:29 p.m.10 views

CVE-2018-10813

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...

7.5CVSS7.2AI score0.00197EPSS
Exploits1References2
Cvelist
Cvelistadded 2018/06/05 3:0 p.m.15 views

CVE-2018-10813

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...

7.2AI score0.00197EPSS
Exploits1References2
CVE
CVEadded 2018/06/05 3:0 p.m.39 views

CVE-2018-10813

Dedos-web 1.0 has hardcoded session cookies/secrets in the Express.js app, exposed in GitHub source. An attacker can modify session cookie contents and re-sign them with the hardcoded secret via Passport.js, enabling privilege escalation. Public references (CNVD/NVD) confirm hardcoded credentials...

7.5CVSS7.2AI score0.00197EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder