Lucene search

6 matches found

Snyk
added 5 days ago, 4 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

CVSS 9.8, AI score 5.6
Exploits: 0, References: 2
OSV
added 2025/03/10 6:31 p.m., 7 views

GHSA-C3Q9-Q986-VRWH Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

CVSS 6.5, AI score 6.4, EPSS 0.00187
Exploits: 0, References: 5
Prion
added 2023/07/03 9:15 p.m., 10 views

Code injection

The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...

CVSS 2.6, AI score 6.2, EPSS 0.00143
Exploits: 0, References: 1, Affected Software: 5
Cvelist
added 2023/07/03 8:1 p.m., 22 views

CVE-2023-36610

The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successful...

CVSS 5.9, AI score 5.9, EPSS 0.00143
Exploits: 0, References: 1
Hacker One
added 2017/07/19 12:59 p.m., 21 views

Legal Robot: Missing Issuer parameter on TOTP 2FA

During our 2FA challenge, a security researcher discovered that the Issuer parameter was not set in the TOTP URL that gets turned into a QR Code. While there is no direct security impact, it does make 2FA software tokens more difficult to manage...

AI score 1.5
Exploits: 0
Atlassian
added 2010/04/13 3:26 p.m., 22 views

Allow user accounts to require two-factor authentication using RFC 4226

New feature request. In light of the recent security hack at Apache, it might be prudent for JIRA to provide some more secure options for user authentication. One candidate is two-factor authentication using the RFC 4226 OATH/HOTP (http://en.wikipedia.org/wiki/HOTP) standard. This requires the user...

AI score 0.9
Exploits: 0, Affected Software: 1