1243 matches found

Cvelist
added 2024/09/14 2:15 a.m. · 18 views

CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

5.5 CVSS · 0.00037 EPSS
Exploits: 0 · References: 7
Vulnrichment
added 2024/09/14 2:15 a.m. · 14 views

CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

5.5 CVSS · 5.3 AI score · 0.00037 EPSS
Exploits: 0 · References: 7
CVE
added 2024/09/14 2:15 a.m. · 170 views

CVE-2024-8775

CVE-2024-8775 (Ansible): A flaw exposes sensitive data stored in Ansible Vault when a playbook loads vaulted variables (e.g., via include_vars) without enabling no_log, causing plaintext leakage in output/logs. This is the primary vulnerability described in the initial CVE record. The connected ...

5.5 CVSS · 5.4 AI score · 0.00037 EPSS
Exploits: 0 · References: 8
Debian CVE
added 2024/09/14 2:15 a.m. · 13 views

CVE-2024-8775

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

5.5 CVSS · 6.6 AI score · 0.00037 EPSS
Exploits: 0
NVD
added 2024/09/02 6:15 p.m. · 12 views

CVE-2024-28100

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

8.9 CVSS · 0.00386 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/09/02 4:10 p.m. · 15 views

CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

8.9 CVSS · 0.00386 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/02 12:0 a.m. · 2 views

PT-2024-22265 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.0.0 Description: The issue allows a regular user to create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application by uploading specially crafted files. Thi...

8.9 CVSS · 7.2 AI score · 0.00386 EPSS
Exploits: 0 · References: 9
Positive Technologies
added 2024/08/27 12:0 a.m. · 2 views

PT-2024-38870 · WordPress · Reviews Feed – Add Testimonials/Customer Reviews From Google Reviews

Name of the Vulnerable Software and Affected Versions: Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress versions 1.1.2 and earlier Description: The issue is related to a missing capability check on the update api key...

4.3 CVSS · 6.5 AI score · 0.00142 EPSS
Exploits: 0 · References: 10
CVE
added 2024/08/23 3:44 p.m. · 90 views

CVE-2024-42364

CVE-2024-42364 – DNS rebinding vulnerability in Homepage 0.9.1. The default, unauthenticated setup of Homepage (0.9.1) can be abused via DNS rebinding to route requests to the internal IP of the Homepage instance, allowing an attacker-controlled site to access sensitive data (e.g., API keys) due ...

6.5 CVSS · 6.6 AI score · 0.00132 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/08/23 3:44 p.m. · 12 views

CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

6.5 CVSS · 6.9 AI score · 0.00132 EPSS
Exploits: 0 · References: 1
VulnCheck KEV
added 2024/08/22 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-6587

LiteLLM is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability that exposes OpenAI API Keys...

7.5 CVSS · 7.3 AI score · 0.88631 EPSS
Exploits: 1 · References: 1
The Hacker News
added 2024/08/19 10:2 a.m. · 17 views

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service...

7.2 AI score
Exploits: 0
Tenable Nessus
added 2024/08/15 12:0 a.m. · 14 views

Dorsett Controls InfoScan < 1.38 Multiple Vulnerabilities (July 2024)

The version of Dorsett Controls InfoScan running on the remote host is prior to 1.38. It is, therefore, affected by multiple vulnerabilities: - Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. CVE-2024-392...

7.5 CVSS · 5.5 AI score · 0.0059 EPSS
Exploits: 0 · References: 5
NVD
added 2024/08/08 6:15 p.m. · 16 views

CVE-2024-39287

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...

7.5 CVSS · 0.00544 EPSS
Exploits: 0 · References: 2
CVE
added 2024/08/08 5:25 p.m. · 71 views

CVE-2024-39287

CVE-2024-39287 affects Dorsett Controls InfoScan ecosystem (notably the Central Server update server). The vulnerability is due to an information leak from an unprotected file that contains passwords and API keys, enabling potential exposure. Connected advisories corroborate the issue and note as...

7.5 CVSS · 5.3 AI score · 0.00544 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/08/08 5:25 p.m. · 17 views

CVE-2024-39287 Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...

6.9 CVSS · 6.8 AI score · 0.00544 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/08/08 5:25 p.m. · 17 views

CVE-2024-39287 Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...

6.9 CVSS · 0.00544 EPSS
Exploits: 0 · References: 2
OSV
added 2024/08/07 8:16 a.m. · 6 views

CVE-2024-42062

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...

7.2 CVSS · 7.5 AI score
Exploits: 0 · References: 4
CVE
added 2024/08/07 7:17 a.m. · 75 views

CVE-2024-42062

CVE-2024-42062 (Apache CloudStack): A permission validation flaw in CloudStack 4.10.0–4.19.1.0 lets domain-admins query all account-user API/secret keys, including those of root admins. An attacker with domain-admin access can leverage this to gain root-admin and other privileges, potentially co...

7.2 CVSS · 7.8 AI score · 0.00158 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2024/08/02 12:0 a.m. · 1 views

WordPress plugin Forminator security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS · 5.9 AI score · 0.02841 EPSS
Exploits: 1 · References: 5