17 matches found
EUVD-2023-24217
Malicious code in bioql PyPI...
EUVD-2024-50576
Malicious code in bioql PyPI...
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...
CVE-2022-2546
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
CVE-2024-12078
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...
CVE-2024-48952
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints...
PT-2024-33294 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.5.0 Description: An issue was discovered in Logpoint where SOAR uses a static JWT secret key to generate tokens, allowing access to SOAR API endpoints without authentication. This enables attackers to create custo...
Design/Logic Flaw
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...
The vulnerability of the Cisco Industrial Network Director software lies in its ability to access a static secret key, allowing an intruder to gain access to all controlled systems.
The vulnerability of the Cisco Industrial Network Director software package relates to the possibility of accessing a static secret key. Exploiting this vulnerability could allow an attacker to gain access to all controlled systems...
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...
CVE-2023-20038
CVE-2023-20038 affects Cisco Industrial Network Director (IND). The issue is a static secret key used to encrypt application data and remote credentials, stored in the monitoring application. An authenticated, local attacker with access to the host could decrypt data to access remote systems moni...
PT-2023-1148 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the monitoring application could allow an authenticated, local attacker to access a static secret key used to store both local data and...