CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

Marval MSM 安全漏洞

Marval MSM is an innovative IT Service Management software from Marval UK. A security vulnerability exists in Marval MSM version v14.19.0.12476, which stems from an insecure Direct Object Reference IDOR vulnerability that allows even a low-privileged user to view other user's API keys, including...

Socialhunter - Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked

Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct phishing attacks. It also can cost a loss of the company's reputation. Broken social media hijack issues are usually accepted on the bug bounty programs. Currently, ...

CVE-2021-43512

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys...

Design/Logic Flaw

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys...

CVE-2021-43512

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys...

CVE-2021-43512

The CVE-2021-43512 entry concerns FlightRadar24 for Android versions 8.9.0, 8.10.0, 8.10.2, 8.10.3, and 8.10.4. The underlying issue is that an attacker could decompile a local application and extract its API keys, leading to unspecified consequences. The linked sources confirm the affected produ...

Malware in ctx

The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code that collected the content of os.environ.items when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query...

Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2022-045

The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers user can view API keys for their respective Apps. The module discloses information by allowing attackers to view cached information of API Keys from the browser cache for...

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

Improper Input Validation in Jenkins

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

GHSA-HHX9-4VW2-X54R RhodeCode and Kallithea are vulnerable to sensitive information disclosure

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the getrepo API method...

RhodeCode and Kallithea are vulnerable to sensitive information disclosure

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the getrepo API method...

WordPress plugin Metform information leakage vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Metform is vulnerable to an information disclosure vulnerability, which stems from...

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

Improper access control

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

CVE-2022-1442

CVE-2022-1442 affects the WordPress Metform plugin up to version 2.1.3. The vulnerability stems from improper access control in the ~/core/forms/action.php file, allowing an unauthenticated attacker to view API keys and secrets for multiple integrated third‑party services (e.g., PayPal, Stripe, M...