293 matches found

Nuclei
added yesterday | 21 views

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

5.3 CVSS | 5.8 AI score | 0.21596 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/05/23 4:27 a.m. | 12 views

CVE-2026-6895 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...

8.8 CVSS | 0.00044 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/08 1:31 p.m. | 6 views

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted_state before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permuted_state' is sufficient to compute the original 'state', and thus the key, even after the...

5.8 AI score | 0.00046 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

GithubExploit
added 2026/04/17 10:41 a.m. | 173 views

Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui

CVE-2026-27944 + CVE-2026-33032 — nginx-ui Zero-Credential RCE...

9.8 CVSS | 5.7 AI score | 0.1267 EPSS
Exploits: 14

Vulnrichment
added 2026/03/23 6:41 a.m. | 2 views

CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 2

CVE
added 2026/03/10 8:46 p.m. | 4 views

CVE-2026-0115

Technical details for CVE-2026-0115 are not publicly available in the provided documents. Monitor for updates.

2.1 CVSS | 5.9 AI score | 0.00009 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/10 6:28 p.m. | 3 views

GO-2026-4614 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

9.8 CVSS | 5.8 AI score | 0.07313 EPSS
Exploits: 12 | References: 5

GithubExploit
added 2026/03/10 11:23 a.m. | 207 views

Exploit for CVE-2026-27944

CVE-2026-27944 - Nginx-UI Unauthenticated Backup Download !...

9.8 CVSS | 5.8 AI score | 0.07313 EPSS
Exploits: 12

Positive Technologies
added 2026/03/10 12:0 a.m. | 3 views

PT-2026-24444

In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.9 AI score | 0.00009 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/19 4:36 a.m. | 4 views

CVE-2025-14864 Virusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure

The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the vd_get_apikey function which is hooked to wp_ajax_virusdie_apikey. This makes it possible for...

4.3 CVSS | 5.3 AI score | 0.00013 EPSS
Exploits: 0 | References: 4

CVE
added 2026/02/19 4:36 a.m. | 6 views

CVE-2025-14864

CVE-2025-14864 concerns Virusdie – One-click website security (WordPress) up to version 1.1.7. The vulnerability arises from missing capability checks on the vd_get_apikey function, which is hooked to wp_ajax_virusdie_apikey. This allows authenticated attackers with Subscriber-level access and ab...

4.3 CVSS | 5.3 AI score | 0.00013 EPSS
Exploits: 0 | References: 4

Patchstack
added 2026/02/19 12:9 a.m. | 4 views

WordPress Virusdie plugin <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability

Missing Authorization to Authenticated Subscriber+ API Key Disclosure vulnerability discovered by Sushi Com Abacate in WordPress Plugin Virusdie versions <= 1.1.7...

4.3 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/02/11 12:0 a.m. | 6 views

pgAdmin < 9.12 Command Execution (GHSA-3p7x-94q9-jq9x)

The version of pgAdmin installed on the remote host is prior to 9.12. It is, therefore, affected by a command execution vulnerability: - pgAdmin versions prior to 9.12 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performin...

7.4 CVSS | 5.9 AI score | 0.00024 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/02/10 12:0 a.m. | 1 views

cryptography security vulnerability

cryptography is an open-source Python encryption library developed by Python Cryptographic Authority. Versions of cryptography prior to 46.0.5 contained security vulnerabilities. These vulnerabilities stemmed from multiple public key-related functions that did not verify whether the point belonge...

8.2 CVSS | 6.9 AI score | 0.00009 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2026/02/06 12:26 a.m. | 2 views

SUSE CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 3

Github Security Blog
added 2026/02/05 6:30 p.m. | 7 views

pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/02/05 6:30 p.m. | 2 views

GHSA-3P7X-94Q9-JQ9X pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 4

NVD
added 2026/02/05 6:16 p.m. | 3 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 0.00024 EPSS
Exploits: 0 | References: 1

OSV
added 2026/02/05 6:16 p.m. | 2 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

6.3 CVSS | 6 AI score
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/05 5:30 p.m. | 4 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 2 | Affected Software: 1