1271 matches found

Hacker One
added 2024/02/02 10:55 p.m., 68 views

Reddit: Information Disclosure To Use of Hard-coded Cryptographic Key

Vulnerability description not provided...

AI score 7.1
Exploits 0
NVD
added 2024/02/02 6:15 a.m., 20 views

CVE-2024-1047

Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...

CVSS 5.3, AI score 5.1, EPSS 0.0056
Exploits 0, References 4
NVD
added 2024/02/02 6:15 a.m., 25 views

CVE-2024-1162

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference function. This makes it possible for unauthenticated attackers to update the...

CVSS 4.3, AI score 4.2, EPSS 0.00234
Exploits 0, References 2
Prion
added 2024/02/02 6:15 a.m., 21 views

Design/Logic Flaw

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API ke...

CVSS 5, AI score 7, EPSS 0.0056
Exploits 0, References 3, Affected Software 1
Prion
added 2024/02/02 6:15 a.m., 15 views

Cross-Site Request Forgery (CSRF)

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference function. This makes it possible for unauthenticated attackers to update the...

CVSS 4.3, AI score 6.7, EPSS 0.00234
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2024/02/02 5:33 a.m., 15 views

CVE-2024-1162

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference function. This makes it possible for unauthenticated attackers to update the...

CVSS 4.3, AI score 6.7, EPSS 0.00234
Exploits 0, References 2
Cvelist
added 2024/02/02 5:33 a.m., 39 views

CVE-2024-1162 Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference function. This makes it possible for unauthenticated attackers to update the...

CVSS 4.3, AI score 4.6, EPSS 0.00234
Exploits 0, References 2
Cvelist
added 2024/02/02 5:33 a.m., 36 views

CVE-2024-1047 ThemeIsle SDK <= Various Versions - Missing Authorization

Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...

CVSS 5.3, AI score 5.4, EPSS 0.0056
Exploits 0, References 4
WPVulnDB
added 2024/02/02 12:00 a.m., 20 views

Orbit Fox by ThemeIsle < 2.10.29 - Unauthenticated Connected API Keys Update

Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function, allowing unauthenticated attackers to update the connected API keys...

CVSS 5, AI score 7.1, EPSS 0.0056
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2024/02/02 12:00 a.m., 24 views

Orbit Fox by ThemeIsle < 2.10.30 - Connected API Keys Update via CSRF

Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the register_reference function, allowing attackers to update the connected API keys via a forged request, granted they can trick a site administrator into performing an action such as...

CVSS 4.3, AI score 6.6, EPSS 0.00234
Exploits 0, References 1, Affected Software 1
BDU FSTEC
added 2024/01/24 12:00 a.m., 7 views

A vulnerability in the POST SMTP Mailer plugin for the WordPress content management system allows an attacker to bypass the API key check and gain unauthorized access to protected information.

The vulnerability in the POST SMTP Mailer plugin for the WordPress content management system stems from deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the API keys and gain unauthorized access to protected information...

CVSS 10, AI score 7.8, EPSS 0.90339
Exploits 6, References 8, Affected Software 1
Hacker One
added 2024/01/11 8:35 p.m., 21 views

U.S. Dept Of Defense: Full Access to SonarQube and Docker

The vulnerability involved the exposure of sensitive credentials and IP addresses in a JavaScript file. The researcher gained access to the organization's Hub Docker account and Sonar projects, allowing them to identify and assess the issue. The vulnerability was caused by a JavaScript file withi...

AI score 6.9
Exploits 0
The Hacker News
added 2024/01/11 2:00 p.m., 27 views

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks,...

AI score 7.2
Exploits 0
Hacker One
added 2024/01/08 5:33 p.m., 41 views

Mars: Datadog API keys exposed can be used to do all the read and write access to the instance

A vulnerability was identified where Datadog API keys were exposed in a JavaScript file, which could have enabled unauthorized access to Datadog services. The issue was responsibly disclosed along with a proof-of-concept demonstration...

AI score 7
Exploits 0
The Hacker News
added 2024/01/05 10:03 a.m., 56 views

Exposed Secrets are Everywhere. Here's How to Tackle Them

Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secr...

AI score 7
Exploits 0
Wallarm Lab
added 2024/01/03 6:23 p.m., 27 views

Addressing the Rising Threat of API Leaks

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address...

AI score 6.9
Exploits 0
wpexploit
added 2023/12/26 12:00 a.m., 175 views

WP Review Slider < 13.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Add the payload "...

CVSS 4.8, AI score 5.7, EPSS 0.00336
Exploits 1
Tenable Nessus
added 2023/12/20 12:00 a.m., 56 views

Elastic Kibana 7.13.0 < 7.17.16, 8.0 < 8.11.2 Information Disclosure (ESA-2023-27)

The version of the Elastic Kibana instance on the remote host is 7.13.0 prior to 7.17.16 or 8.0 prior to 8.11.1. It is, therefore, affected by an information disclosure vulnerability. In the event of an infrequent error returned from an Elasticsearch cluster, in cases where there is user...

CVSS 8, AI score 6.8, EPSS 0.00608
Exploits 0, References 2
BDU FSTEC
added 2023/12/19 12:00 a.m., 1 view

A vulnerability in the XML application programming interface of the PAN-OS operating system allows an attacker to cause a denial of service.

The vulnerability in the XML application programming interface of the PAN-OS operating system stems from deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures by resetting the currently valid API keys...

CVSS 3.5, AI score 6.5, EPSS 0.00555
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2023/12/16 12:03 a.m., 35 views

Solr search discloses password hashes of all users

Impact: The Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. To reproduce, it is sufficient to search for propertyvalue:? AND reference:.password and then deselect the "Documen...

CVSS 7.5, AI score 7, EPSS 0.83548
Exploits 0, References 5, Affected Software 1