Lucene search
+L

27 matches found

OSV
OSV
added 2024/12/23 8:17 p.m.19 views

GHSA-XWX7-P63R-2RJ8 Navidrome Stores JWT Secret in Plaintext in navidrome.db

Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. The JWT secret is critical for the authentication and authorization system. If...

7.1CVSS7.1AI score0.0015EPSS
Exploits0References7
CVE
CVE
added 2024/06/25 3:12 a.m.75 views

CVE-2024-37003

Summary of CVE-2024-37003 : A maliciously crafted DWG/SLDPRT file can be parsed by Autodesk AutoCAD components, specifically opennurbs.dll and ODXSW_DLL.dll, causing a stack-based overflow. This can lead to a crash, potential data exposure, or arbitrary code execution in the context of the affect...

7.8CVSS7.6AI score0.00345EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/17 7:15 a.m.19 views

Design/Logic Flaw

Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42...

2.6CVSS5.8AI score0.00141EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/05/19 8:35 a.m.12 views

CVE-2023-28045

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data...

6.3CVSS7AI score0.00179EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/11 12:0 a.m.19 views

Information leakage vulnerability in Baisou Video HD APP

Baisou Video HD APP is a video player. Baisou Video HD APP has an information disclosure vulnerability. An attacker can exploit the vulnerability to backup the app and obtain sensitive information...

6.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/28 12:0 a.m.25 views

Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability

The version of Fortinet FortiClient running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if...

5.8AI score
Exploits0References1
seebug.org
seebug.org
added 2008/10/05 12:0 a.m.18 views

Avaya IP Office Phone Manager Local Password Disclosure Exploit

No description provided by source. include windows.h include stdio.h include string.h / Filename: exploit.c Title: Avaya IP Office Phone Manager - Cleartext Sensitive Data Vulnerability Exploit v0.01 Author: pagvac Adrian Pastor Date: 24th Feb, 2005 Other info: tested on version 2.013. Compile as...

7.1AI score
Exploits0
Rows per page
Query Builder