28Hus

**Name of the Vulnerable Software and Affected Versions** PandaXGO PandaX versions prior to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 **Description** A security issue exists in PandaXGO PandaX related to the JWT Secret Handler component. The issue involves the manipulation of the `key` argument within the file `config.yml`, leading to the use of a hard-coded cryptographic key. This allows for remote attacks with high complexity and difficult exploitability. The exploit is publicly available. Increased actor activity targeting this issue has been observed. **Recommendations** Versions prior to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.5.1 **Description** SiYuan Note application uses a hardcoded cryptographic secret for its session store, making session encryption ineffective. The AccessAuthCode, stored in the session cookie, can be decrypted by an attacker who obtains the encrypted session cookie. This allows the attacker to retrieve the AccessAuthCode in plain text and potentially authenticate or take over the session. **Recommendations** Update to a version later than 3.5.1.

**Name of the Vulnerable Software and Affected Versions** getmaxun versions up to 0.0.28 **Description** A security flaw exists in getmaxun maxun up to version 0.0.28. The issue involves manipulation of the `api key` argument within an unknown function located in the file '/getmaxun/maxun/blob/develop/server/src/routes/auth.ts', leading to the use of a hard-coded cryptographic key. Remote exploitation is possible, but is considered difficult due to the high complexity. The exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** Versions prior to 0.0.28 should be used.

**Name of the Vulnerable Software and Affected Versions** getmaxun versions prior to 0.0.28 **Description** A weakness exists in the Authentication Endpoint component of getmaxun. Specifically, the `router.get` function within the `server/src/routes/auth.ts` file is susceptible to improper authorization due to manipulation. This issue can be exploited remotely. The exploit is publicly available. The vendor was notified of this issue but did not respond. **Recommendations** Versions prior to 0.0.28 should be updated. As a temporary workaround, consider disabling the `router.get` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** actiontech sqle versions up to 4.2511.0 **Description** A security issue has been identified in actiontech sqle. The issue resides in an unknown function within the `sqle/utils/jwt.go` file of the JWT Secret Handler component. Manipulation of the `JWTSecretKey` argument results in the use of a hard-coded cryptographic key. This issue is remotely exploitable and is considered difficult to exploit. The vulnerability has been publicly disclosed. **Recommendations** actiontech sqle versions up to 4.2511.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** simstudioai sim versions prior to 0.5.27 **Description** A flaw exists in simstudioai sim up to version 0.5.27 related to improper authentication. The issue resides within the CRON Secret Handler component, specifically in the file `apps/sim/lib/auth/internal.ts`. Manipulation of the `INTERNAL API SECRET` argument can lead to unauthorized access. The exploit is publicly available. **Recommendations** Apply the patch with identifier e359dc2946b12ed5e45a0ec9c95ecf91bd18502a.

**Name of the Vulnerable Software and Affected Versions** MartialBE one-hub versions up to 0.14.27 **Description** A security issue exists in MartialBE one-hub related to the use of a hard-coded cryptographic key. The issue stems from the manipulation of the `SESSION SECRET` argument within the `docker-compose.yml` file. This allows for potential remote exploitation, though the complexity is considered high and exploitability is difficult. The exploit has been publicly disclosed. **Recommendations** Change the configuration settings. Carefully check and modify every configuration and environment variable if using the default docker-compose example file in a production environment.

**Name of the Vulnerable Software and Affected Versions** opsre go-ldap-admin versions prior to 20251011 **Description** A security issue exists in opsre go-ldap-admin. The problem relates to the processing of the file `docs/docker-compose/docker-compose.yaml` within the JWT Handler component. Manipulation of the `secret key` argument can result in the use of a hard-coded cryptographic key. This attack can be initiated remotely and is considered highly complex with difficult exploitability. The exploit details have been publicly disclosed and may be used maliciously. **Recommendations** Update opsre go-ldap-admin to a version later than 20251011.

**Name of the Vulnerable Software and Affected Versions** nocobase versions 1.9.4 and 2.0.0-alpha.37 **Description** A security issue exists in nocobase that allows for remote attacks with high complexity and difficult exploitability. The issue involves the manipulation of the `API KEY` argument within an unknown function in the file `nocobasepackagescoreauthsrcbasejwt-service.ts` of the JWT Service component, leading to the use of a hard-coded cryptographic key. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.9.4 and 2.0.0-alpha.37 should be updated.