1825 matches found
PT-2025-43593
Name of the Vulnerable Software and Affected Versions Quickcreator – AI Blog Writer plugin for WordPress versions 0.0.9 through 0.1.17 Description The Quickcreator – AI Blog Writer plugin for WordPress is susceptible to exposure of sensitive information. An unauthenticated attacker can access the...
PT-2025-43591
Name of the Vulnerable Software and Affected Versions Check Plagiarism plugin for WordPress versions up to and including 2.0 Description The Check Plagiarism plugin for WordPress has an issue where data can be modified without authorization. This is due to a missing capability check within the ch...
EUVD-2025-33787
Vulnerability in Drupal API Key manager.This issue affects API Key manager:...
CVE-2025-9553
Technical details about CVE-2025-9553 are not publicly available in the provided documents. Monitor for updates; sources describe a vulnerability in Drupal API Key manager but do not specify affected versions, remediation, or exploit details.
CVE-2025-10281
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10282
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
GHSA-63WH-P5FX-H4VC BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Summary Due to unsafe URL handling, bbot's gitclone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact A user who has placed their github.com API key in the configuration for any of the following modules: githubcodesearch githubworkflows gitlab gitclone...
EUVD-2025-33396
BBOT's gitclone.py can expose users' GitHub API keys to an attacker-controlled webserver...
CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...
CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...
CVE-2025-61928
CVE-2025-61928 affects Better Auth (TypeScript) prior to version 1.3.26. The vulnerability allows unauthenticated attackers to create or modify API keys for any user by supplying the target user’s id in the request body to api/auth/api-key/create (and similarly in the update endpoint). The issue ...
CVE-2025-10281
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10281
BBOT’s git_clone vulnerability stems from unsafe URL handling that can cause exposure of GitHub API keys to an attacker-controlled server when processing a specially crafted git URL. The CVE description and multiple advisories (Red Hat, GHSA, EUVD, OSV, NVD, CVELIST, and Snyk) consistently refere...
CVE-2025-10281 Insecure URL Handling in git_clone Leading to Leaked API Key
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...
Better Auth: Unauthenticated API key creation through api-key plugin
Summary A critical authentication bypass was identified in the API key creation and update endpoints. An attacker could create or modify API keys for arbitrary users by supplying a victim’s user ID in the request body. Due to a flaw in how the authenticated user was derived, the endpoints could...
PT-2025-41497
Name of the Vulnerable Software and Affected Versions Better Auth versions prior to 1.3.26 Description Better Auth is an authentication and authorization library for TypeScript. A critical authentication bypass allows unauthenticated attackers to create or modify API keys for any user. This is...
EUVD-2020-18732
Malware in sbrugna...
EUVD-2021-15884
Malware in sbrugna...