Exploit for SQL Injection in Nagios Nagios_Xi
CVE-2023-48084 Fixes broken syntax in the POC, primarily incor...
BIT-GITLAB-2021-22171
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...
BIT-GRAFANA-2022-21673 OAuth Identity Token exposure in Grafana
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...
CVE-2024-0379
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctfautosavetokens function. This makes it possible for...
Cross-Site Request Forgery (CSRF)
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctfautosavetokens function. This makes it possible for...
Enjin: Revocation API Token by Bypassing The XSRF Token
The revocation API token was bypassed by bypassing the XSRF token. This allowed the demonstration that the Enjin Platform's GraphQL interface lacked appropriate CSRF protection when utilizing a session token...
CVE-2023-6289 Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...
SVGator – Add Animated SVG Easily < 1.2.5 - API Token Update/Deletion & Import Projects via CSRF
Description: The plugin does not have CSRF checks when updating and deleting API tokens, as well as when importing projects, which could allow attackers to make logged-in admins perform such actions via CSRF attacks...
CVE-2023-36620
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...
Design/Logic Flaw
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...
CVE-2023-36620
CVE-2023-36620 affects the Boomerang Parental Control Android app prior to version 13.83. The root cause is the manifest lacking android:allowBackup="false", enabling local backups of the app’s internal memory to a PC. This backup exposure grants access to the API token used for authenticating AP...
PT-2023-25636 · Unknown · Boomerang Parental Control
Name of the Vulnerable Software and Affected Versions: Boomerang Parental Control application versions prior to 13.83 for Android Description: An issue was discovered in the Boomerang Parental Control application where the app is missing the android:allowBackup="false" attribute in the manifest...
Mozilla: Mozilla Employee's Token for sql.telemetry.mozilla.org Exposed in Git Commit
A Mozilla employee's API token was exposed in a GitHub repository, granting access to confidential data. The token was rotated and removed from the service...
API Token Disclosure
GitLab is vulnerable to API Token Disclosure. The vulnerability exists due to insufficient permission checks, which allows an attacker to exfiltrate a Datadog API key...
Improper Authentication
GitLab is vulnerable to Improper Authentication. The vulnerability allows a malicious attacker to steal a user's API token via a malicious link due to insufficient validation...
CVE-2023-37918
Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HT...
Design/Logic Flaw
Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HT...