CVE-2024-21495
Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...
CVE-2024-21495
The CVE-2024-21495 entry concerns the Go package github.com/greenpau/caddy-security (versions before 1.0.42). Root cause: insecure randomness used in multiple contexts (OAuth nonce, MFA secrets, API key generation) due to an insecure RNG library, enabling potential replay or predictability attack...
Weblate: Information Disclosure
A vulnerability allowed API keys to be exposed in a PyPI package...
Reddit: Information Disclosure Due to Use of Hard-coded Cryptographic Key
Vulnerability description not provided...
CVE-2024-1162
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the registerreference function. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1047
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...
Design/Logic Flaw
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API ke...
Cross-Site Request Forgery (CSRF)
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the registerreference function. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1162 Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the registerreference function. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1047 ThemeIsle SDK <= Various Versions - Missing Authorization
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...
Orbit Fox by ThemeIsle < 2.10.29 - Unauthenticated Connected API Keys Update
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function, allowing unauthenticated attackers to update the connected API keys...
Orbit Fox by ThemeIsle < 2.10.30 - Connected API Keys Update via CSRF
Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the registerreference function, allowing attackers to update the connected API keys via a forged request, provided they can trick a site administrator into performing an action such as...
A vulnerability in the POST SMTP Mailer plugin for the WordPress content management system allows an attacker to bypass the API key and gain unauthorized access to protected information.
The vulnerability in the POST SMTP Mailer plugin for the WordPress content management system stems from deficiencies in the authentication process. Exploiting it could allow a malicious actor to compromise the API keys and gain unauthorized access to protected information...
U.S. Dept Of Defense: Full Access to sonarQube and Docker
The vulnerability involved the exposure of sensitive credentials and IP addresses in a JavaScript file. The researcher gained access to the organization's Hub Docker account and Sonar projects, allowing them to identify and assess the issue. The vulnerability was caused by a JavaScript file withi...
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks,...
Mars: Datadog api keys exposed can be used to do all the read and write access to the instance
A vulnerability was identified where Datadog API keys were exposed in a JavaScript file, which could have enabled unauthorized access to Datadog services. The issue was responsibly disclosed along with a proof-of-concept demonstration...