12 matches found

ATTACKERKB
added 2026/06/22 4:10 p.m. | 4 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

CVSS 8.2 | AI score 5.9 | EPSS 0.00393
Exploits: 1 | References: 2 | Affected Software: 1
OSSF Malicious Packages
added 2026/05/22 5:16 a.m. | 17 views

Malicious code in wrld-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...

AI score 5.9
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/09 3:30 a.m. | 8 views

CVE-2026-42461

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...

CVSS 8.7 | AI score 5.7 | EPSS 0.00309
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/03 12:0 a.m. | 2 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APP_KEY, database credentials, SMTP/SendGrid API...

CVSS 10 | AI score 5.4 | EPSS 0.00383
Exploits: 1 | References: 2
CVE
added 2026/02/03 12:0 a.m. | 16 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS version 3.9.2 is vulnerable to unauthenticated remote access to the /script/.env file. The exposure reveals sensitive data including the Laravel APP_KEY, database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, ...

CVSS 10 | AI score 5.5 | EPSS 0.00383
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/08/21 4:14 p.m. | 3 views

CVE-2025-57754 eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak)

eslint-ban-moment is an ESLint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...

CVSS 9.8 | AI score 7.2 | EPSS 0.00338
Exploits: 0 | References: 2
OSV
added 2025/05/28 5:38 p.m. | 4 views

GHSA-H2WG-V8WG-JHXH Mautic does not shield .env files from web traffic

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 | AI score 6.9 | EPSS 0.00103
Exploits: 0 | References: 3
NVD
added 2025/05/28 5:15 p.m. | 32 views

CVE-2024-47056

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 | EPSS 0.00103
Exploits: 0 | References: 1
Cvelist
added 2025/05/28 4:24 p.m. | 50 views

CVE-2024-47056 Mautic does not shield .env files from web traffic

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 | EPSS 0.00103
Exploits: 0 | References: 1
CNNVD
added 2025/05/28 12:0 a.m. | 5 views

Mautic security vulnerability

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic versions prior to 6.0.2 that stems from the .env file being directly accessible, which...

CVSS 5.1 | AI score 6.1 | EPSS 0.00103
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 7:41 a.m. | 12 views

CVE-2024-55555

Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. The route/hash route defined in the invoiceninja/routes/client.p...

CVSS 8.8 | AI score 9 | EPSS 0.065
Exploits: 5 | References: 1
VulnCheck KEV
added 2025/04/29 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2017-16894

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in...

CVSS 7.5 | AI score 5.8 | EPSS 0.8703
Exploits: 4 | References: 1