Lucene search
K

CVE-2025-10560

🗓️ 18 Jun 2026 08:32:14Reported by SEC-VLabType 
cve
 cve
🔗 web.nvd.nist.gov👁 26 Views🌐 WEB

Hardcoded cloud credentials in Worksnaps client binaries prior to 1.6.20260201 exposed AWS access keys and bucket names, enabling access to production cloud resources and sensitive data.

Related
Affected
Refs
Paths
[
  {
    "vendor": "Silver Leaf Technologies, Inc.",
    "product": "Worksnaps.net Worksnaps",
    "versions": [
      {
        "status": "affected",
        "version": "Worksnaps before 1.6.20260201"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
actionrequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
typerequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
usernamerequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
mytimerequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
versionrequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
buildrequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
tokenrequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
brandingrequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
computernamerequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
osrequest bodymys3/dispatcher.phpEndpoint used to obtain AWS S3 credentials for screenshot upload; when used insecurely, it can reveal hardcoded AWS credentials to the attacker.CWE-798
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation