CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

Hardcoded credentials

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVE-2023-28387

The CVE-2023-28387 entry concerns the NewsPicks mobile apps for Android (versions 10.4.5 and earlier) and iOS (versions 10.4.2 and earlier) that hard‑code credentials, enabling a local attacker to access app data and potentially obtain an API key for an external service. Affected components are t...

PT-2023-21688 · Unknown · Newspicks App

Name of the Vulnerable Software and Affected Versions: NewsPicks App for Android versions 10.4.5 and earlier NewsPicks App for iOS versions 10.4.2 and earlier Description: The issue is related to hard-coded credentials in the NewsPicks App, which may allow a local attacker to analyze data in the...

CVE-2023-30993

IBM Cloud Pak for Security CP4S 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136...

CVE-2023-30993

IBM Cloud Pak for Security CP4S 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136...

CVE-2023-30993 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security CP4S 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136...

CVE-2023-30993 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security CP4S 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136...

PT-2023-23102 · Ibm · Ibm Cloud Pak For Security

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security CP4S versions 1.9.0.0 through 1.9.2.0 Description: The issue allows an attacker with a valid API key for one tenant to access data from another tenant's account. Recommendations: For versions 1.9.0.0 through 1.9.2.0...

Fedora 37 : chromium (2023-f4954af225)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f4954af225 advisory. update to 114.0.5735.106. Fixes the following security issue: CVE-2023-3709 Tenable has extracted the preceding description block directly from the...

Fedora 38 : chromium (2023-6fe7ff3452)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6fe7ff3452 advisory. update to 114.0.5735.106. Fixes the following security issue: CVE-2023-3709 Tenable has extracted the preceding description block directly from the...

CVE-2023-0443 AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked...

CVE-2023-0443 AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked...

This Week in Spring - May 30th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This installment I write on the day of my daughter's High School graduation, an auspicious day indeed! There's a lot to get through this week, though, and I have a graduation to get to, so let's dive right in! Spring...

GetSimple CMS 3.3.16 Shell Upload

Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution RCE Data: 18/5/2023 Exploit Author : Youssef Muhammad Vendor: Get-simple Software Link: Version app: 3.3.16 Tested on: linux CVE: CVE-2022-41544 import sys import hashlib import re import requests from xml.etree import ElementTree from...

KoodousFinder - A Simple Tool To Allows Users To Search For And Analyze Android Apps For Potential Security Threats And Vulnerabilities

A simple tool to allows users to search for and analyze android apps for potential security threats and vulnerabilities Account and API Key Create a Koodous account and get your api key https://koodous.com/settings/developers Install $ pip install koodousfinder Arguments Param | description ---|-...

Security Bulletin: IBM Cloud Pak for Security (CP4S) could allow an attacker with a valid API key for one tenant to access data from another tenant's account. (CVE-2023-30993)

Summary IBM Cloud Pak for Security CP4S could allow an attacker with a valid API key for one tenant to access data from another tenant's account. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section...

API Token Disclosure

planet is vulnerable to API Token Disclosure. The vulnerability is due to insecure file permissions set on the secrets file containing the API key. Any user in the system is able to view the secret file, which stores the user's Planet API login token...