Lucene search
K

22 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.9 views

CVE-2026-56244

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56244

CVE-2026-56244 (Capgo) affects Capgo prior to 12.128.2. The issue arises because non-admin API keys can read webhook signing secrets via Supabase REST due to insufficient row-level security on the webhooks table. This enables attackers to retrieve the webhook secret and forge valid X-Capgo-Signat...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.12 views

EUVD-2026-38741

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 5:16 a.m.17 views

Malicious code in wrld-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/22 5:16 a.m.15 views

MAL-2026-4733 Malicious code in wrld-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...

5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Cleanuparr 访问控制错误漏洞

Cleanuparr is an automated tool developed by Cleanuparr OpenSource, designed to clean up invalid files in the download queue. Versions of Cleanuparr prior to 2.9.10 contained a access control vulnerability. This vulnerability stemmed from the global CORS policy, which reflected the Origin of each...

8CVSS5.8AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2025/11/14 7:16 p.m.7 views

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

5.4CVSS0.00213EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.9 views

PT-2025-46999

Name of the Vulnerable Software and Affected Versions Alteryx server versions 2022.1.1.42654 and 2024.1 Description The Alteryx server does not properly validate user authorization when processing API requests that utilize MongoDB object IDs to identify data. Specifically, the server fails to...

5.4CVSS6.2AI score0.00213EPSS
Exploits1References9
CVE
CVE
added 2025/10/14 9:15 a.m.16 views

CVE-2025-40774

CVE-2025-40774 affects SiPass integrated prior to v3.0. The vulnerability stems from passwords stored in the server’s database with decryption keys accessible to administrators, enabling password recovery. Exploitation could allow an attacker with admin access to obtain and use valid user passwor...

6.7CVSS6.5AI score0.00124EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/10/07 8:15 p.m.7 views

CVE-2025-44823

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...

9.9CVSS0.15568EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/10/07 12:0 a.m.2 views

CVE-2025-44823

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...

9.9CVSS6.3AI score0.15568EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:0 a.m.5 views

EUVD-2025-32882

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...

9.9CVSS6.2AI score0.15568EPSS
Exploits2References2
CVE
CVE
added 2025/10/07 12:0 a.m.36 views

CVE-2025-44823

Nagios Log Server (before 2024R1.3.2) is vulnerable: unauthenticated? No—authenticated users with access to the API can call /nagioslogserver/index.php/api/system/get_users to retrieve cleartext admin API keys. The underlying issue exposes user accounts and API keys, enabling full system compromi...

9.9CVSS6.3AI score0.15568EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2025/09/18 7:15 p.m.5 views

CVE-2025-10650

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 a...

1.8CVSS0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.6 views

PT-2024-37910 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: foreman affected versions not specified Description: A disclosure of sensitive information flaw was found in foreman via the "GraphQL API". If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin...

7.5CVSS6.4AI score0.00658EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.5 views

PT-2024-24598 · Tolgee · Tolgee

Name of the Vulnerable Software and Affected Versions: Tolgee versions 3.57.2 through 3.57.3 Description: Tolgee is an open-source localization platform. When an API key created by an admin user is used, it bypasses the permission check at all. Recommendations: For Tolgee versions 3.57.2 through...

6.5CVSS7.2AI score0.00556EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.6 views

PT-2024-20093 · Hid · Hid Iclass Se Reader Configuration Cards

Name of the Vulnerable Software and Affected Versions: HID iCLASS SE reader configuration cards affected versions not specified Description: Sensitive data can be extracted from HID iCLASS SE reader configuration cards, including credential and device administrator keys. Recommendations: At the...

5.3CVSS6.9AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.8 views

PT-2024-19381 · Hid Global · Omnikey 5023 Readers +15

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns certain configurations in the communication channel for encoders that could expose sensitive data when reader configuration cards are...

7.8CVSS6.8AI score0.00168EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/11/16 3:9 p.m.4 views

foreman: foreman: OAuth secret exposure via unauthenticated access to the GraphQL API

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API...

7.5CVSS5.7AI score0.00658EPSS
Exploits0References6
OSV
OSV
added 2022/06/28 9:15 p.m.7 views

CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

8.8CVSS5.8AI score0.00905EPSS
Exploits0References3
Rows per page
Query Builder