Lucene search
K

15 matches found

CVE
CVE
added 2026/07/01 5:48 p.m.26 views

CVE-2026-50160

Hoppscotch self-hosted deployments (Hoppscotch-backend

10CVSS6.1AI score0.0059EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.4AI score0.00393EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 3:20 a.m.3 views

GO-2026-4416 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron...

8.8CVSS5.4AI score0.00393EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/04 10:4 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the attribute handling logic in restHandler/AttributesRestHandlder.go‎, which is accessible over the /attributes endpoint with /orchestrator/attributes?key=apiTokenSecret. A user can obtain the global API Token...

8.8CVSS6.7AI score0.00393EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/04 9:37 p.m.34 views

CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7CVSS0.00393EPSS
Exploits1References2
CVE
CVE
added 2026/02/04 9:37 p.m.22 views

CVE-2026-25538

Devtron CVE-2026-25538 affects the open-source Devtron Kubernetes integration platform (versions up to 2.0.0). A vulnerability in the Attributes API interface allows any authenticated user to access /orchestrator/attributes?key=apiTokenSecret, exposing the global API Token signing key. With the k...

8.8CVSS5.5AI score0.00393EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/04 7:46 p.m.3 views

GHSA-8WPC-J9Q9-J5M2 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage Summary This vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7CVSS5.9AI score0.00393EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/04 7:46 p.m.6 views

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage Summary This vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-6317

Name of the Vulnerable Software and Affected Versions Devtron versions prior to 2.0.0 Description Devtron is a tool integration platform for Kubernetes. A flaw exists in the Attributes API interface that allows authenticated users to obtain the global API Token signing key by accessing the...

8.7CVSS5.6AI score0.00393EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/01/21 8:22 p.m.5 views

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

6.5CVSS5.4AI score0.00408EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 7:56 p.m.4 views

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

6.5CVSS5.3AI score0.00408EPSS
Exploits0References4
OSV
OSV
added 2026/01/20 7:56 p.m.5 views

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

6.5CVSS6.1AI score0.00408EPSS
Exploits0References6
NVD
NVD
added 2025/09/05 12:15 a.m.9 views

CVE-2025-55739

api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

5.1CVSS0.00497EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:51 a.m.5 views

CVE-2023-22463

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8CVSS7AI score0.69667EPSS
Exploits1References1
OSV
OSV
added 2024/05/15 8:15 p.m.4 views

CVE-2024-33625

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication...

9.8CVSS5.8AI score0.00523EPSS
Exploits0References2
Rows per page
Query Builder