CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

Hardcoded credentials

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is affected by a vulnerability leading to sensitive key disclosure due to hardcoded API keys. The connected documents consistently describe the issue as exposing hardcoded credentials, with no explicit exploitation details, affected components beyond the iOS app ve...

CVE-2023-0558

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper...

CVE-2023-0558

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper...

CVE-2023-0558 ContentStudio <= 1.2.5 - Authorization Bypass

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper...

PT-2023-16362 · WordPress · Contentstudio

Name of the Vulnerable Software and Affected Versions: ContentStudio plugin for WordPress version 1.2.5 and earlier Description: The issue is related to an authorization bypass due to an unsecure token check that is susceptible to type juggling. This allows unauthenticated attackers to execute...

Introducing Proactive API Leak Management

Read the press release announcing the early release of Wallarm API Leak Management The recent surge in hacks involving leaked API Keys and other API secrets such as credentials, passwords, certificates, tokens and encryption keys has put everyone involved on notice – organizations need a way to...

Wallarm Releases New End-to-End Solution to Reduce Risk and Time-to-Remediate Leaked API Keys and Secrets

Advancement to API Security Technology Will Combat Recent Surge in Hacks Leveraging Leaked API; Early Release Now Available San Francisco, CA –BUSINESS WIRE– January 19, 2023 – Wallarm, the end-to-end API security company, today announced the early release of the Wallarm API Leak Management...

REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

CVE-2022-43887

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450...

Information disclosure

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450...

CVE-2022-43887

IBM Cognos Analytics versions 11.1.7, 11.2.0 and 11.2.1 are affected by CVE-2022-43887, a sensitive information exposure flaw caused by API keys being written to log files. Multiple connected sources corroborate this vulnerability, including IBM’s security bulletin and external CVE records, which...

CVE-2022-43887 IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450...

GitHub Announces Free Secret Scanning for All Public Repositories

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of...

All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go to WidgetKit - API Keys, put the following...

CVE-2022-3907

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...