7 matches found

Veracode
added 2025/06/17 8:38 a.m. · 5 views

Use Of Insufficiently Random Values

vantage6 is vulnerable to Use of Insufficiently Random Values. The vulnerability is due to insecure randomness of UUID1 for auto-generating JWT secret keys, which is partially predictable and not cryptographically secure...

CVSS 7.5 · AI score 6.4 · EPSS 0.00274
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2025/06/12 6:15 p.m. · 12 views

CVE-2025-43863

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVSS 9.8 · EPSS 0.00316
Exploits: 0 · References: 1
CVE
added 2025/06/12 5:29 p.m. · 48 views

CVE-2025-43863

vantage6 contains a brute-force vulnerability in the change password flow when an attacker has an authenticated session. The issue arises from unlimited password-change attempts via the route, enabling password-guessing and account compromise. Multiple sources (CVEs, advisories, and vendor notes)...

CVSS 9.8 · AI score 6.4 · EPSS 0.00316
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/23 9:3 a.m. · 3 views

CVE-2024-32969

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and...

CVSS 2.7 · AI score 6.7 · EPSS 0.00197
Exploits: 0 · References: 1
OSV
added 2023/11/14 9:15 p.m. · 5 views

PYSEC-2023-303

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...

CVSS 8.8 · AI score 8.7 · EPSS 0.00325
Exploits: 0 · References: 3
Positive Technologies
added 2023/10/11 12:0 a.m. · 1 views

PT-2023-28141 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.0.0
Description: vantage6 is privacy preserving federated learning infrastructure. The endpoint "/api/collaboration/id/task" is used to collect all tasks from a certain collaboration. To get such tasks, a user...

CVSS 5.4 · AI score 4.5 · EPSS 0.00145
Exploits: 0 · References: 15
vulnersOsv
added 2023/03/01 5:15 p.m. · 1 views

vantage6-node (>=3.3.3 <=3.7.3), vantage6-server (>=3.3.3 <=3.7.3) potentially affected by CVE-2022-39228 via vantage6 (>=3.3.3 <=3.7.3)

vantage6 PYPI version =3.3.3, =3.3.3, =3.3.3, =3.7.3 Source cves: CVE-2022-39228 Source advisory: OSV:PYSEC-2023-52...

CVSS 6.5 · AI score 6.5 · EPSS 0.0028
Exploits: 0