4 matches found

Cvelist
added 2026/06/12 6:3 p.m., 37 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

CVSS: 9.8, EPSS: 0.0033
Exploits: 0, References: 2
Github Security Blog
added 2026/05/05 9:26 p.m., 11 views

Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass

Summary: Information disclosure exists in Grav CMS v1.8.0-beta.29. Despite previous security patches, notably in v1.8.0-beta.27/28, aimed at restricting sensitive object access within the Twig environment, the Accounts Service remains exposed. A low-privileged user (e.g., Content Editor) with only...

CVSS: 6.5, AI score: 5.8, EPSS: 0.0029
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2022/05/13 1:30 a.m., 2 views

GHSA-3WMV-7PHP-RHG5 Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...

CVSS: 2.1, AI score: 5.9, EPSS: 0.0116
Exploits: 0, References: 6
PyPA
added 2017/10/10 4:29 p.m., 8 views

PYSEC-2017-70

salt before 2015.5.5 leaks git usernames and passwords to the log...

CVSS: 6.3, AI score: 7, EPSS: 0.01227
Exploits: 0, References: 3, Affected Software: 1