18 matches found
User Impersonation
Overview doorkeeper-openidconnect is an OpenID Connect extension for Doorkeeper. Affected versions of this package are vulnerable to User Impersonation via the Dynamic Client Registration feature that treats clientsecretbasic and clientsecretpost parameters as confidential: false which allows...
Timing Attack
org.springframework.boot, spring-boot-devtools is vulnerable to a timing attack. The vulnerability is due to insecure comparison of the DevTools remote secret, which allows an attacker on the same network to exploit timing differences to guess the secret and potentially achieve remote code...
CVE-2026-34872
A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability, stemming from improper input validation in the finite-field Diffie-Hellman FFDH key exchange, allows a remote attacker to force the shared secret into a small, predictable set of values. This lack of contributory behavior can...
CVE-2026-32693
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...
CVE-2023-25263
In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...
EUVD-2023-2457
Malicious code in bioql PyPI...
EUVD-2023-29225
Malicious code in bioql PyPI...
EUVD-2024-3622
Malicious code in bioql PyPI...
PT-2025-39471
Name of the Vulnerable Software and Affected Versions Unitree Go2, G1, H1, and B2 devices through September 20, 2025 Description The devices accept any handshake secret containing the substring 'unitree'. This allows unauthorized access and control of the devices. Recommendations Update devices t...
CVE-2023-46943
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...
CVE-2020-14423
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOSLOCALSECRET value, affecting password resets and invitations...
CVE-2024-26317
In illumos-gate (Illumos) versioned sources from 2024-02-15, a bug in the elliptic curve point addition implementation that uses mixed Jacobian-affine coordinates can produce POINT_AT_INFINITY when a valid result is expected. This flaw enables a man-in-the-middle to interfere with a connection, c...
CVE-2023-25263
In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...
CVE-2022-44310
In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...
Design/Logic Flaw
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret...
CVE-2017-7781
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINTATINFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...
Unlock the high strength folder encryption master inside the"secret"-vulnerability warning-the black bar safety net
Title: unlock the high strength folder encryption master inside the“secret” The author of the article: ice sugarJ. S. T&E. S. T This article has been published in the hacker X-Files of 0 8 year-Issue No. 1 magazine By the author of this article ice sugar friendship submit to the evil octal Forum ...