1836 matches found
openSUSE: Security Advisory for python (openSUSE-SU-2023:0334-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PT-2024-22256 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain versions 0.1.10 and earlier Description: The issue allows an actor who can control the final part of the path parameter in a load chain call to perform ../ directory traversal. This bypasses the intended behavior of loading...
CVE-2024-25635
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
Design/Logic Flaw
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635
CVE-2024-25635 affects alf.io prior to 2.0-Mr-2402, where an IDOR flaw in the /admin/api/users/ endpoint allows organization owners to view other org owners’ API KEYs and USERS. Root cause: improper access control on user data exposure; consequence is potential leakage of API credentials and sens...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
Mozilla: paypal client_id And stripe api key indexed on web archive
The paypal clientid and stripe API key have been indexed on the web archive, exposing sensitive data...
PT-2024-21055 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alf.io versions prior to 2.0-Mr-2402 Description: The issue allows organization owners to view the generated API KEY and USERS of other organization owners. This is achieved through the "http://192.168.26.128:8080/admin/api/users/" endpoint,...
CVE-2023-6959
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level acce...
Antisquat - Leverages AI Techniques Such As NLP, ChatGPT And More To Empower Detection Of Typosquatting And Phishing Domains
AntiSquat leverages AI techniques such as natural language processing NLP, large language models ChatGPT and more to empower detection of typosquatting and phishing domains. How to use Clone the project via git clone https://github.com/redhuntlabs/antisquat. Install all dependencies by typing pip...
CVE-2024-23453
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service...
Hardcoded credentials
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service...
CVE-2024-23453
Android Spoon app (versions 7.11.1–8.6.0) contains a hard-coded API key that can be retrieved by reverse-engineering the binary, enabling unauthorized access to an external service. Root cause: embedded credentials in the mobile app. Impact: local attacker could obtain the API key; impact consist...
CVE-2024-23453
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service...
CVE-2024-23453
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service...
Information Exposure
Dependency-Check Core is vulnerable to Information Exposure Through Log Files. The vulnerability is due to the logging of sensitive information when in debug mode. An attacker with access to debug logs could potentially retrieve the NVD API Key and use it to perform arbitrary actions...