Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
secret vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-23816
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All ver...
9.8
CVSSv3
CVE-2023-28897
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
Skoda-auto Superb 3 Firmware 2022
9.8
CVSSv3
CVE-2023-46741
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the...
Linuxfoundation Cubefs
9.8
CVSSv3
CVE-2023-33236
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.
Moxa Mxsecurity 1.0
9.8
CVSSv3
CVE-2023-26089
European Chemicals Agency IUCLID 6.x prior to 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 up to and including 6.27.5.
Echa.europa Iuclid
9.8
CVSSv3
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an malicious user to authenticate and access unauthorized resources. This does ...
Apache Superset
20 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-22495
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JW...
Maif Izanami
9.8
CVSSv3
CVE-2022-37109
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a ...
Camp Project Camp
1 Github repository
9.8
CVSSv3
CVE-2022-44796
An issue exists in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce crypt...
Objectfirst Object First
9.8
CVSSv3
CVE-2022-35540
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote malicious users to use the generated JWT token to gain administrator access.
Dotnetcore Agileconfig
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »