PYSEC-2024-202
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...
CVE-2024-51493 API key access in settings without reauthentication in OctoPrint
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...
CVE-2024-51493
CVE-2024-51493 (OctoPrint) affects OctoPrint up to version 1.10.2. An attacker who gains temporary control of an authenticated victim’s browser session can retrieve/recreate/delete the user’s API key (and, if admin, the global API key) without reauthentication, enabling API access or workflow dis...
GHSA-CC6X-8CC7-9953 OctoPrint has API key access in settings without reauthentication
Impact: OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key...
CVE-2024-51492 Zusam vulnerable to stored XSS, allowing token theft via crafted SVG
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2024-10092 Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandleapikeyactions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress plugin Download Monitor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Download Monitor plugin <= 5.0.12 - Missing Authorization to API Key Manipulation vulnerability
Missing Authorization to API Key Manipulation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Download Monitor versions <= 5.0.12...
CVE-2024-9109
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.12. This makes it possible for authenticated attackers,...
CVE-2024-9109
CVE-2024-9109 affects the WordPress plugin “WooCommerce UPS Shipping – Live Rates and Access Points” up to version 2.3.11. The vulnerability stems from a missing capability check in the delete_oauth_data function, allowing authenticated attackers with Subscriber-level access or higher to delete t...
CVE-2024-9109 UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.12. This makes it possible for authenticated attackers,...
PT-2024-39436 · WordPress · Woocommerce Ups Shipping – Live Rates/Access Points
Name of the Vulnerable Software and Affected Versions: WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress versions up to, and including, 2.3.11 Description: The issue allows authenticated attackers with Subscriber-level access and above to delete the plugin's API key due...
Nagios XI < 2024R1 API Key Security
According to the self-reported version of Nagios XI, the remote host is affected by a vulnerability related to the generation of API keys. Nagios XI before 5.11.3 2024R1 was discovered to handle API key generation improperly (keys were not sufficiently randomly generated), allowing attackers to possibly generate the same se...
CVE-2023-7289
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level...