Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-24217

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50576

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00321EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:45 a.m.6 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

8.8CVSS6.5AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.11 views

CVE-2022-2546

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

4.7CVSS6.7AI score0.01204EPSS
Exploits3References1
NVD
NVD
added 2025/01/23 5:15 p.m.19 views

CVE-2024-12078

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...

6.3CVSS0.00321EPSS
Exploits1References2
OSV
OSV
added 2024/11/07 5:15 p.m.2 views

CVE-2024-48952

An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints...

6.4CVSS5.8AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/07 12:0 a.m.4 views

PT-2024-33294 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.5.0 Description: An issue was discovered in Logpoint where SOAR uses a static JWT secret key to generate tokens, allowing access to SOAR API endpoints without authentication. This enables attackers to create custo...

6.4CVSS7.2AI score0.00271EPSS
Exploits0References7
Prion
Prion
added 2023/02/02 9:15 a.m.25 views

Design/Logic Flaw

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

4CVSS5.1AI score0.01204EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2023/02/02 8:28 a.m.38 views

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

5.4AI score0.01204EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2023/02/02 8:28 a.m.10 views

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

4.8AI score0.01204EPSS
Exploits3References1
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.7 views

The vulnerability of the Cisco Industrial Network Director software lies in its ability to access a static secret key, allowing an intruder to gain access to all controlled systems.

The vulnerability of the Cisco Industrial Network Director software package relates to the possibility of accessing a static secret key. Exploiting this vulnerability could allow an attacker to gain access to all controlled systems...

8.8CVSS7.6AI score0.00161EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/01/20 7:15 a.m.4 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

8.8CVSS5.8AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2023/01/20 7:15 a.m.20 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

8.8CVSS8.5AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/19 1:34 a.m.28 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

8.8CVSS8.6AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/19 1:34 a.m.13 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

8.8CVSS6.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2023/01/19 1:34 a.m.84 views

CVE-2023-20038

CVE-2023-20038 affects Cisco Industrial Network Director (IND). The issue is a static secret key used to encrypt application data and remote credentials, stored in the monitoring application. An authenticated, local attacker with access to the host could decrypt data to access remote systems moni...

8.8CVSS8.3AI score0.00161EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/19 12:0 a.m.6 views

PT-2023-1148 · Cisco · Cisco Industrial Network Director

Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the monitoring application could allow an authenticated, local attacker to access a static secret key used to store both local data and...

8.8CVSS8.2AI score0.00161EPSS
Exploits0References3
Rows per page
Query Builder