Lucene search
K

28 matches found

Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.4 views

PT-2024-13214 · Octopus Deploy +1 · Octopus Server

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows an API key to be logged in clear text in the audit log file after an invalid login attempt. Recommendations: At the moment, there is no information about a newer version...

4.3CVSS6.1AI score0.00228EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/01/18 12:0 a.m.12 views

WP Spell Check < 9.18 - Cross-Site Request Forgery

Description The WP Spell Check plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.17. This is due to missing or incorrect nonce validation on the wpscxadminemptyrender function. This makes it possible for unauthenticated attackers to update an...

8.8CVSS6.1AI score0.00208EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/13 12:0 a.m.52 views

JVN#64453490: Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

7.8CVSS7.4AI score0.00161EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/12/19 8:27 p.m.5 views

CVE-2022-43887 IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450...

5.3CVSS5AI score0.00527EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.9 views

PT-2022-17478 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue concerns Octopus Server versions where access is managed by an external authentication provider. In these versions, it was possible for the API key/keys of a disabled or...

9.8CVSS9.4AI score0.00833EPSS
Exploits0References3
Prion
Prion
added 2022/01/17 10:15 a.m.22 views

Hardcoded credentials

Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

2.1CVSS3.9AI score0.00203EPSS
Exploits0References1Affected Software1
Huntr
Huntr
added 2021/07/10 12:31 a.m.4 views

Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms

✍️ Description The function mtrand is used to generate verification keys, API keys both read & write, and even hash salts, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this functio...

0.3AI score
Exploits0References4
Hacker One
Hacker One
added 2017/07/08 3:42 p.m.60 views

WakaTime: Session Duplication due to Broken Access Control

Due to improper validation of user before generating an API-KEY and improper measures taken at the time of password reset, it is possible to generate a parallel session at the attacker's end. Proof of concept video is attached to confirm the vulnerability and to demonstrate the Impact of this...

3.1AI score
Exploits0
Rows per page
Query Builder