Lucene search
+L

18 matches found

Snyk
Snyk
added 2026/06/04 2:37 p.m.21 views

User Impersonation

Overview doorkeeper-openidconnect is an OpenID Connect extension for Doorkeeper. Affected versions of this package are vulnerable to User Impersonation via the Dynamic Client Registration feature that treats clientsecretbasic and clientsecretpost parameters as confidential: false which allows...

8.8CVSS5.5AI score0.00058EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/29 8:5 a.m.11 views

Timing Attack

org.springframework.boot, spring-boot-devtools is vulnerable to a timing attack. The vulnerability is due to insecure comparison of the DevTools remote secret, which allows an attacker on the same network to exploit timing differences to guess the secret and potentially achieve remote code...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 5:58 a.m.5 views

CVE-2026-34872

A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability, stemming from improper input validation in the finite-field Diffie-Hellman FFDH key exchange, allows a remote attacker to force the shared secret into a small, predictable set of values. This lack of contributory behavior can...

9.1CVSS5.9AI score0.00204EPSS
Exploits0References5
NVD
NVD
added 2026/03/18 1:16 p.m.5 views

CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...

8.8CVSS0.00303EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.10 views

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

5.5CVSS6.6AI score0.00233EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.10 views

CVE-2022-23003

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...

5.3CVSS6.9AI score0.00615EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2457

Malicious code in bioql PyPI...

4.7CVSS4.8AI score0.0029EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-29225

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00233EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3622

Malicious code in bioql PyPI...

7.1CVSS6.2AI score0.00153EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.12 views

PT-2025-39471

Name of the Vulnerable Software and Affected Versions Unitree Go2, G1, H1, and B2 devices through September 20, 2025 Description The devices accept any handshake secret containing the substring 'unitree'. This allows unauthorized access and control of the devices. Recommendations Update devices t...

5CVSS6.6AI score0.00182EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.9 views

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...

9.1CVSS6.5AI score0.00498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:44 p.m.9 views

CVE-2020-14423

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOSLOCALSECRET value, affecting password resets and invitations...

5.3CVSS7AI score0.01059EPSS
Exploits0
CVE
CVE
added 2025/01/27 12:0 a.m.63 views

CVE-2024-26317

In illumos-gate (Illumos) versioned sources from 2024-02-15, a bug in the elliptic curve point addition implementation that uses mixed Jacobian-affine coordinates can produce POINT_AT_INFINITY when a valid result is expected. This flaw enables a man-in-the-middle to interfere with a connection, c...

6.1CVSS6.7AI score0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/27 12:0 a.m.9 views

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

5.4AI score0.00233EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/02/24 12:0 a.m.6 views

CVE-2022-44310

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

7.5AI score0.00666EPSS
Exploits1References1
Prion
Prion
added 2021/05/27 8:15 p.m.12 views

Design/Logic Flaw

A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret...

4CVSS6.2AI score0.00746EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2017/08/10 12:0 a.m.36 views

CVE-2017-7781

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINTATINFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...

5.9CVSS6.8AI score0.02755EPSS
Exploits1References2
myhack58
myhack58
added 2008/03/13 12:0 a.m.45 views

Unlock the high strength folder encryption master inside the"secret"-vulnerability warning-the black bar safety net

Title: unlock the high strength folder encryption master inside the“secret” The author of the article: ice sugarJ. S. T&E. S. T This article has been published in the hacker X-Files of 0 8 year-Issue No. 1 magazine By the author of this article ice sugar friendship submit to the evil octal Forum ...

6.9AI score
Exploits0
Rows per page
Query Builder