
1243 matches found

CVE
added 2025/01/15 12:0 a.m. | 161 views

CVE-2024-57726

CVE-2024-57726 affects SimpleHelp remote support software, versions 5.5.7 and earlier. The issue allows low-privilege technicians to create API keys with excessive permissions, enabling privilege escalation to the server admin role. Public disclosures and multiple security feeds corroborate the h...

9.9 CVSS | 7.2 AI score | 0.39414 EPSS
In wild | Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/01/15 12:0 a.m. | 12 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

9.8 AI score | 0.39414 EPSS
Exploits: 0 | References: 2
NVD
added 2025/01/11 3:15 a.m. | 12 views

CVE-2025-0103

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...

9.2 CVSS | 0.00618 EPSS
Exploits: 0 | References: 1
OSV
added 2025/01/11 3:15 a.m. | 2 views

CVE-2025-0107

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

9.8 CVSS | 7.4 AI score
Exploits: 0 | References: 1
Vulnrichment
added 2025/01/11 2:59 a.m. | 10 views

CVE-2025-0103 Expedition: SQL Injection Vulnerability

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...

9.2 CVSS | 7.8 AI score | 0.00618 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/01/11 12:0 a.m. | 2 views

Palo Alto Networks Expedition Security Vulnerability

Palo Alto Networks Expedition is a network security appliance used to provide firewall, intrusion detection, and prevention. The Palo Alto Networks Expedition suffers from a command injection vulnerability that can be exploited by an attacker to run arbitrary operating system commands, which can...

7.7 CVSS | 7.4 AI score | 0.81649 EPSS
Exploits: 0 | References: 1
NVD
added 2025/01/07 4:15 p.m. | 9 views

CVE-2024-28778

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization...

6.5 CVSS | 0.00186 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/01/07 3:57 p.m. | 16 views

CVE-2024-28778 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization...

6.5 CVSS | 0.00186 EPSS
Exploits: 0 | References: 1
CVE
added 2025/01/07 3:57 p.m. | 76 views

CVE-2024-28778

CVE-2024-28778 affects IBM Controller 11.1.0 and IBM Cognos Controller 11.0.0–11.0.1. The issue is exposure of Artifactory API keys, enabling users to publish code to private packages or repositories under the organization’s name. IBM’s integration bulletin lists CVSS 3.1 base score 6.5 (Network,...

6.5 CVSS | 6.8 AI score | 0.00186 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2025/01/07 3:57 p.m. | 10 views

CVE-2024-28778 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization...

6.5 CVSS | 6.8 AI score | 0.00186 EPSS
Exploits: 0 | References: 1
HackRead
added 2024/12/24 6:51 p.m. | 12 views

Postman Workspaces Leak 30000 API Keys and Sensitive Tokens

Thousands of Postman workspaces leaked sensitive data like API keys and tokens. Learn best practices to secure your API development environment and protect your organization...

7.2 AI score
Exploits: 0
RedHat Linux
added 2024/12/03 4:20 p.m. | 0 views

ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

5.5 CVSS | 6.6 AI score | 0.00037 EPSS
Exploits: 0 | References: 5
NVD
added 2024/11/26 8:15 a.m. | 11 views

CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

9.1 CVSS | 0.00186 EPSS
Exploits: 1 | References: 7
CVE
added 2024/11/26 7:38 a.m. | 86 views

CVE-2024-36248

CVE-2024-36248 affects Sharp MFPs and related devices, where API keys for cloud services are hardcoded in the main binary. This root cause can enable exposure or misuse of cloud credentials by anyone gaining access to the device, potentially allowing unauthorized external access or data exposure ...

9.1 CVSS | 6.7 AI score | 0.00186 EPSS
Exploits: 1 | References: 7
Cvelist
added 2024/11/26 7:38 a.m. | 18 views

CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

9.1 CVSS | 0.00186 EPSS
Exploits: 1 | References: 6
Vulnrichment
added 2024/11/26 7:38 a.m. | 10 views

CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

9.1 CVSS | 9.2 AI score | 0.00186 EPSS
Exploits: 1 | References: 6
Huntr
added 2024/11/08 4:25 p.m. | 6 views

Leakage of Langfuse API keys in team exception handling

This report is not public...

7.5 CVSS | 7.7 AI score | 0.00368 EPSS
Exploits: 1
Vulnrichment
added 2024/10/29 12:46 p.m. | 16 views

CVE-2024-6674 Data Leak through CORS Misconfiguration in parisneo/lollms-webui

A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user,...

8.1 CVSS | 6.6 AI score | 0.00209 EPSS
Exploits: 1 | References: 2
NVD
added 2024/10/17 7:15 p.m. | 10 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

7.5 CVSS | 0.00512 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2024/10/16 7:15 a.m. | 3 views

CVE-2023-7289

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level...

5.4 CVSS | 5.4 AI score | 0.00133 EPSS
Exploits: 0 | References: 3