Lucene search
K

14 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45398

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS5.8AI score0.00065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45046

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

5.8AI score0.00014EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.8 views

MiroFish 信息泄露漏洞

MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a vulnerability related to information leakage. This vulnerability stems from improper handling of the SECRET parameter in the...

6.3CVSS5.8AI score0.00412EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:21 p.m.14 views

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting...

5.6CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/03/20 4:24 a.m.27 views

CVE-2026-32953

Tillitis TKey Client (Go module tkeyclient) versions

4.7CVSS5.9AI score0.00246EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 11:18 p.m.6 views

CVE-2026-27004

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

6.9CVSS5.5AI score0.00105EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/27 4:33 a.m.11 views

CVE-2025-15099

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...

9.8CVSS7.5AI score0.00725EPSS
Exploits1References1
NVD
NVD
added 2025/12/26 4:15 a.m.6 views

CVE-2025-15099

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...

9.8CVSS0.00725EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.5 views

Sim Studio 安全漏洞

Sim Studio is an AI agent workflow builder for Sim Studio open source. A security vulnerability exists in Sim Studio 0.5.27 and earlier versions, which stems from incorrect manipulation of the parameter INTERNALAPISECRET in the file apps/sim/lib/auth/internal.ts, which could lead to improper...

9.8CVSS7.2AI score0.00725EPSS
Exploits1References8
OSV
OSV
added 2025/10/05 11:32 a.m.5 views

CVE-2025-11290 CRMEB JWT HMAC Secret hard-coded key

A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. Attacks of...

6.3CVSS5.6AI score0.00369EPSS
Exploits0References5
OSV
OSV
added 2025/09/30 6:1 p.m.8 views

GHSA-G88P-R42R-PPP9 Repository Credentials Race Condition Crashes Argo CD Server

Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details The vulnerability is located in numerous repository related handlers in the util/db/repositorysecrets.go file...

6.5CVSS6.8AI score0.00441EPSS
Exploits0References6
CVE
CVE
added 2025/09/08 3:2 a.m.27 views

CVE-2025-10080

The CVE affects the API component of running-elephant Datart up to version 1.0.0-rc3, specifically the getTokensecret function in datart/security/src/main/java/datart/security/util/AESUtil.java, which uses a hard-coded cryptographic key. The issue is remotely exploitable with high complexity; exp...

3.1CVSS4.1AI score0.00235EPSS
Exploits0References4
OSV
OSV
added 2024/07/22 5:40 p.m.12 views

GHSA-HCMV-JMQH-FJGM ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command

Summary The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...

6.9CVSS5.2AI score0.00198EPSS
Exploits0References4
OSV
OSV
added 2024/03/29 11:7 a.m.2 views

OESA-2024-1341 libreswan security update

Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS7.1AI score0.00944EPSS
Exploits0References2
Rows per page
Query Builder