1836 matches found
Information Disclosure
org.elasticsearch.plugin: x-pack-security is vulnerable to Information Disclosure. The vulnerability arises from the failure to enforce search restrictions during cross-cluster searches when an API key grants both search and replication rights to an index, which allows an attacker to access...
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...
CVE-2024-23445
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...
CVE-2024-23445
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...
CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...
CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...
CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4...
SQL Injection
litellm is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in an SQL command within the /global/spend/logs endpoint, where the apikey parameter is concatenated directly into the query without validation. Successful exploitation could lead to...
SQL injection in litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
CVE-2024-5225 SQL Injection in berriai/litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...
CVE-2024-3277
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...
CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...
CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...
CVE-2024-3277
CVE-2024-3277 affects the WordPress plugin “Yumpu ePaper publishing” (versions
PT-2024-24841 · WordPress · Yumpu Epaper Publishing Plugin
Name of the Vulnerable Software and Affected Versions: Yumpu ePaper publishing plugin for WordPress version 2.0.24 and earlier Description: The issue allows authenticated attackers with subscriber-level access and above to upload PDF files, publish them, and modify the API key due to a missing...
WordPress Yumpu ePaper publishing plugin <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification vulnerability
Missing Authorization to PDF Upload, Publishing, and API Key Modification vulnerability discovered by Lucio Sá in WordPress Plugin Yumpu ePaper publishing versions = 2.0.24...
DRUPAL-CONTRIB-2024-022
Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...
Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
Description The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-4858
CVE-2024-4858 affects the WordPress plugin Testimonial Carousel for Elementor (WordPress plugin). The vulnerability is due to a missing capability check in the function save_testimonials_option_callback, present in versions up to and including 10.2.0, enabling unauthenticated attackers to modify ...
CVE-2024-4858 Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savetestimonialsoptioncallback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...