Lucene search
+L

69 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-50859

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/21 2:54 p.m.3 views

Permissive Cross-domain Policy with Untrusted Domains

Overview @musistudio/claude-code-router is an Use Claude Code without an Anthropics account and route it to another LLM provider Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains due to improper CORS configuration. An attacker can access use...

9.8CVSS7.1AI score0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/19 6:19 p.m.6 views

CVE-2025-55306 GenX_FX authentication bypass in JWT validation

GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...

9.8CVSS7.4AI score0.00523EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/07/14 5:6 p.m.12 views

The Unusual Suspect: Git Repos

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of...

7.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.49 views

Jenkins plugins Multiple Vulnerabilities (2025-07-09)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller,...

8.2CVSS6AI score0.00618EPSS
Exploits1References32
OSV
OSV
added 2025/07/09 6:30 p.m.7 views

GHSA-Q92V-3F4W-5XG8 Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6AI score0.00197EPSS
Exploits0References4
NVD
NVD
added 2025/07/09 4:15 p.m.19 views

CVE-2025-53671

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

6.5CVSS0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/09 3:39 p.m.6 views

CVE-2025-53743

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

6.5AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/09 3:39 p.m.4 views

CVE-2025-53661

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

7AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.5 views

PT-2025-28911 · Jenkins · Jenkins Qmetry Test Management Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible ...

6.8CVSS5.9AI score0.00201EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.13 views

PT-2025-28922 · Jenkins · Jenkins Nouvola Divecloud Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions prior to 1.09 Description: The Jenkins Nouvola DiveCloud Plugin stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in config.xml files on the Jenkins controller. Users with...

6.8CVSS6.1AI score0.0013EPSS
Exploits0References6
HackRead
HackRead
added 2025/06/18 4:19 p.m.8 views

AgentSmith Flaw in LangSmith’s Prompt Hub Exposed User API Keys, Data

A CVSS 8.8 AgentSmith flaw in LangSmith's Prompt Hub exposed AI agents to data theft and LLM manipulation. Learn how malicious AI agents could steal API keys and hijack LLM responses. Fix deployed...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/04 11:20 a.m.15 views

CVE-2025-48957

AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in...

7.5CVSS6.7AI score0.00618EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.9 views

CVE-2024-48310

AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Attackers may use these keys to access the backend API or other sensitive information...

7.5CVSS7.1AI score0.00531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.12 views

CVE-2023-6810

The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the getsettings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to...

4.3CVSS6.5AI score0.00367EPSS
Exploits0References1
OSV
OSV
added 2025/04/02 3:31 p.m.38 views

GHSA-M254-F6H4-P93G Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.9AI score0.00276EPSS
Exploits0References3
OSV
OSV
added 2025/04/02 3:16 p.m.4 views

CVE-2025-31728

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

5.5CVSS5.8AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/02 2:59 p.m.14 views

CVE-2025-31728

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

7AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 10:9 a.m.7 views

CVE-2025-0330 Exposure of Sensitive Information in berriai/litellm

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

7.5CVSS7AI score0.00523EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 3:12 a.m.9 views

CVE-2024-6674

A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user,...

8.1CVSS6.7AI score0.00242EPSS
Exploits1References1
Rows per page
Query Builder