CVE-2025-5018

The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hsupdateaichatsettings and hivelitesupportgetallbinbox functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated...

CVE-2025-5018

CVE-2025-5018 affects the WordPress Hive Support plugin (<= 1.2.4; Patch references include

CVE-2025-5018 Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox

The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hsupdateaichatsettings and hivelitesupportgetallbinbox functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated...

PT-2025-24033 · WordPress · Hive Support

Name of the Vulnerable Software and Affected Versions: Hive Support plugin for WordPress affected versions not specified Description: The issue concerns unauthorized access and modification of data due to a missing capability check. This allows for an authentication bypass, enabling unauthorized...

Cross-site Scripting (XSS)

github.com/forceu/gokapi is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the API key renaming feature, which allowed authenticated users to inject JavaScript that would execute when another user accessed the API tab...

CVE-2025-48495

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

GHSA-4XG4-54HM-9J77 Gokapi has stored XSS vulnerability in friendly name for API keys

Impact By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. With the affected versions v2.0, there was no user permission system implemented, therefore all authenticated...

CVE-2025-48495

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

CVE-2025-48495 Gokapi has stored XSS vulnerability in friendly name for API keys

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

Gokapi 安全漏洞

Gokapi is a lightweight, self-hosted Firefox sending alternative from Marc Bulling Personal Developer. A security vulnerability exists in Gokapi versions prior to 2.0.0, which stems from a cross-site scripting attack that may result from the injection of JavaScript code when renaming API key...

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVE-2025-48491

CVE-2025-48491 affects Project AI, a platform for creating AI agents. The root cause is a hardcoded API key present in the source code before the pre‑beta version. The issue has been patched in the pre‑beta version, mitigating exposure. Public details in connected documents confirm this remediati...

PT-2025-23241 · Unknown · Project Ai

Name of the Vulnerable Software and Affected Versions: Project AI versions prior to pre-beta Description: The issue concerns a hardcoded API key present in the source code of Project AI, a platform for creating AI agents. This problem has been resolved in the pre-beta version. Recommendations: Fo...

CVE-2024-8675

The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettredisconnectgateway function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2024-40703

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks...

CVE-2024-32466

Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...