Maxun
Improper authorization in getmaxun maxun up to version 0.0.28 allows authenticated remote attackers to access unauthorized resources via manipulation of the authentication endpoint router in server/src/routes/auth.ts. Exploit code is publicly available, and the EPSS score of 0.15% indicates a low probability of real-world exploitation despite confirmed public disclosure.
Use of hard-coded cryptographic keys in getmaxun maxun up to version 0.0.28 allows remote unauthenticated attackers to manipulate the api_key parameter in the authentication route, potentially disclosing sensitive information. Attack complexity is high. Exploit code is publicly available, though the EPSS score (0.07%) and vendor non-responsiveness suggest limited real-world exploitation pressure despite confirmed PoC availability.