72 matches found
CVE-2025-10952
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
CVE-2025-10952 geyang ml-logger File server.py stream_handler information disclosure
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
CVE-2025-9604
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key. It is possible ...
CVE-2025-9513
The CVE-2025-9513 issue affects editso fuso up to version 1.0.4-beta.7. The vulnerable component is PenetrateRsaAndAesHandshake in src/net/penetrate/handshake/mod.rs, where manipulating the priv_key argument leads to inadequate encryption strength. This enables remote exploitation, though exploit...
CVE-2025-9513 editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption
A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high...
CVE-2025-50613
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wdskeywep in the payload, which can cause the program to crash and potentially lead to a Denial ...
CVE-2022-4768
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function addpublickey of the file grouper/publickey.py of the component SSH Public Key Handler. The manipulation of the argument publickeystr leads to injection. It is possible to launch the attack...
CVE-2024-10092 Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandleapikeyactions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Download Monitor plugin <= 5.0.12 - Missing Authorization to API Key Manipulation vulnerability
Missing Authorization to API Key Manipulation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Download Monitor versions <= 5.0.12...
CVE-2024-6187
CVE-2024-6187 affects Ruijie RG-UAC 1.0. The vulnerability resides in the file /view/vpn/autovpn/sub_commit.php where manipulation of the key parameter enables remote OS command injection. Exploitation is possible without user interaction and has been disclosed publicly. Several sources refer to...
CVE-2024-29194 OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the ismasteradmin key, stored in the local storage of the browser, can be manipulated by an attacker. By...
CVE-2024-0886
A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this...
PT-2024-15891 · Poikosoft · Poikosoft Ez Cd Audio Converter
Name of the Vulnerable Software and Affected Versions: Poikosoft EZ CD Audio Converter version 8.0.7 Description: A problematic vulnerability was found in the Activation Handler component. The manipulation of the Key argument leads to denial of service. Local access is required to approach this...
CVE-2024-0772
A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attac...
PT-2024-15808 · Nsasoft · Nsasoft Sharealarmpro
Name of the Vulnerable Software and Affected Versions: Nsasoft ShareAlarmPro version 2.1.4 Description: A vulnerability was found in the Registration Handler component of Nsasoft ShareAlarmPro. The manipulation of the Name/Key argument leads to memory corruption. Local access is required to...
Automatic YouTube Gallery < 2.3.5 - Missing Authorization via AJAX actions
Description: The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajaxcallbacksaveapikey and ajaxcallbackdeletecache functions in versions up to, and including, 2.3.3. This makes it possible for authenticat...
ROS-20231110-02
The vulnerability of the functions EVP_EncryptInit_ex2, EVP_DecryptInit_ex2, EVP_CipherInit_ex2 of the OpenSSL cryptographic library is related to manipulation of the keylen/ivelens argument. Exploitation of the vulnerability...
CVE-2019-25105
A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. Thi...
CVE-2022-1434
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...
Insecure Access Control
Shinobi uses insecure access controls. An attacker is able to access the User/Admin/Super API functions through the use of JS Proto Method names held in an internal JS Object, tricking the system into accepting a supplied API key that exists in the underlying JS object...