1828 matches found
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
CVE-2023-4457
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
Information disclosure
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
CVE-2023-4457
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
CVE-2023-4457
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
OPENSUSE-SU-2023:0279-1 Security update for python-bugzilla
This update for python-bugzilla fixes the following issues: - Fixed potential API Key leak boo1215718...
Security update for python-bugzilla (important)
openSUSE Security Update: Security update for python-bugzilla Announcement ID: openSUSE-SU-2023:0279-1 Rating: important References: 1215718 Affected Products: openSUSE Backports SLE-15-SP4 An update that contains security fixes can now be installed. Description: This update for python-bugzilla...
PT-2023-35511 · Unknown · Python-Bugzilla
Name of the Vulnerable Software and Affected Versions: python-bugzilla affected versions not specified Description: The issue concerns a potential API Key leak. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world...
Exploit for PHP External Variable Modification in Juniper Junos
Juniper Scanner Scanner for CVE-2023-36845 by bt0 More inform...
Frontegg: PATCH method manipulation allowing the users to escalate their functionalities and edit (upgrade/downgrade) API Keys settings which is not allowed
The PATCH method allowed users to edit API key information, including the description, role IDs, and other settings, which was not intended functionality. This represented a broken access control vulnerability that enabled users to escalate their privileges and manipulate API keys beyond their...
Leyka < 3.30.7.1 - Subscriber+ Sensitive Information Disclosure
Description The plugin is vulnerable to Sensitive Information Exposure via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more...
CVE-2023-4917
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
Design/Logic Flaw
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
CVE-2023-4917 Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
CVE-2023-4917 Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
SQL injection and Authentication bypass
Description The validApiKey middleware, which is responsible for verifying API keys provided in the request's Authorization header, is susceptible to SQL injection. This vulnerability can potentially lead to an authentication bypass, granting unauthorized access to API endpoints. NOTE: It's worth...
CVE-2023-4209
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks...
CVE-2023-4209
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks...
Cross site request forgery (csrf)
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks...
CVE-2023-4209 POEditor < 0.9.8 - Settings Reset via CSRF
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks...