1270 matches found
Leakage of Langfuse API keys in team exception handling
This report is not public...
CVE-2024-6674 Data Leak through CORS Misconfiguration in parisneo/lollms-webui
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user,...
CVE-2024-10100
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...
CVE-2023-7289
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level...
VulnCheck KEV: CVE-2023-7289
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
VulnCheck KEV: CVE-2024-9463
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
CVE-2023-48082
Nagios XI before 2024R1 was discovered to improperly handle API key generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate...
CVE-2023-48082
Nagios XI is affected by CVE-2023-48082 in versions before 2024R1 (and before 5.11.3 in 2024R1 per other sources). The vulnerability stems from improper handling of API key generation, described as randomly-generated keys that could allow an attacker to generate the same API keys for all users an...
CVE-2024-9464
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
CVE-2024-9466
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials...
CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...
CVE-2024-9463
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
CVE-2024-9466 Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials...
CVE-2024-9466
Palo Alto Networks Expedition (vulnerable up to 1.2.95; fixed in 1.2.96+) suffers a cleartext storage vulnerability that allows an authenticated attacker to reveal firewall usernames, passwords, and API keys. Affected component: storage of sensitive information in Expedition; root cause: storing ...
CVE-2024-9465 Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...
CVE-2024-9464
CVE-2024-9464 affects Palo Alto Networks Expedition: an authenticated OS command injection in Expedition allows an attacker with valid credentials to run arbitrary OS commands as root, risking disclosure of usernames, cleartext passwords, device configurations, and API keys. Affected are Expediti...
CVE-2024-9463 Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...