Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

37 matches found

RedhatCVE
RedhatCVEadded 3 days ago5 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00008EPSS
Exploits0References1
NVD
NVDadded 6 days ago10 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS0.00008EPSS
Exploits0References2
Cvelist
Cvelistadded 6 days ago23 views

CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS0.00008EPSS
Exploits0References2
EUVD
EUVDadded 6 days ago11 views

EUVD-2026-33417

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00008EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 6 days ago5 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00008EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 6 days ago7 views

CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00008EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 6 days ago7 views

PT-2026-44973

Name of the Vulnerable Software and Affected Versions StrongDM Desktop Application versions prior to 23.74.0 StrongDM Desktop Client versions prior to 53.77.0 Description On Microsoft Windows, the software stores authentication state in cleartext within a per-user state file located at...

2CVSS5.8AI score0.00008EPSS
Exploits0References13
CNNVD
CNNVDadded 6 days ago5 views

StrongDM 安全漏洞

StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...

2CVSS5.8AI score0.00008EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2025-25352

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00014EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-25348

Malicious code in bioql PyPI...

7CVSS6.6AI score0.00041EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-25349

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00019EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-25351

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00041EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/08/22 5:32 p.m.2 views

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

8.5CVSS6.6AI score0.00014EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/08/22 5:32 p.m.3 views

CVE-2025-6183

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

7CVSS6.3AI score0.00041EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/08/22 5:31 p.m.2 views

CVE-2025-6181

The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation...

8.5CVSS6.4AI score0.00041EPSS
Exploits0References1
NVD
NVDadded 2025/08/20 5:15 p.m.2 views

CVE-2025-6181

The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation...

8.5CVSS0.00041EPSS
Exploits0References1
NVD
NVDadded 2025/08/20 5:15 p.m.2 views

CVE-2025-6182

The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones...

8.5CVSS0.00019EPSS
Exploits0References1
NVD
NVDadded 2025/08/20 5:15 p.m.3 views

CVE-2025-6183

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

7CVSS0.00041EPSS
Exploits0References1
NVD
NVDadded 2025/08/20 5:15 p.m.2 views

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

8.5CVSS0.00014EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/08/20 4:45 p.m.6 views

CVE-2025-6183 Configd Injection

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

7CVSS0.00041EPSS
Exploits0References1
Rows per page
Query Builder