Use of hard-coded cryptographic keys in getmaxun maxun up to version 0.0.28 allows remote unauthenticated attackers to manipulate the api_key parameter in the authentication route, potentially disclosing sensitive information with high attack complexity. Publicly available exploit code exists, though EPSS scoring (0.07%) and vendor non-responsiveness suggest limited real-world exploitation pressure despite confirmed POC availability.
Actiontech SQLE up to version 4.2511.0 uses a hard-coded cryptographic key in its JWT Secret Handler (sqle/utils/jwt.go), allowing remote attackers with no authentication or user interaction to gain limited information disclosure. The vulnerability results from improper handling of the JWTSecretKey argument, though exploitation is rated as difficult due to high attack complexity. Publicly available exploit code exists, and the vendor has committed to addressing this in an upcoming release.
Improper authorization in getmaxun maxun up to version 0.0.28 allows authenticated remote attackers to access unauthorized resources via manipulation of the authentication endpoint router in server/src/routes/auth.ts, with publicly available exploit code and an EPSS score of 0.15% indicating low real-world exploitation probability despite confirmed public disclosure.
Unrestricted file upload in jackq XCMS allows high-privilege authenticated users to upload arbitrary files via the ProductImageController component, with publicly available exploit code disclosed. Despite a CVSS score of 2.0 reflecting the high authentication requirement (PR:H), the vulnerability enables authenticated administrators to bypass intended upload restrictions and potentially achieve remote code execution by uploading malicious files. The vendor has been informed via public issue report but has not yet responded with a fix.
A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
PandaX JWT Secret Handler uses hard-coded cryptographic keys in the config.yml file, allowing remote attackers to bypass authentication and decrypt sensitive JWT tokens with high attack complexity. The vulnerability affects the product up to commit fb8ff40f7ce5dfebdf66306c6d85625061faf7e5, and although public exploit code exists, the extremely low EPSS score (0.05%) and high attack complexity suggest limited real-world exploitation despite network accessibility.