ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

CVE-2025-14042

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and including, 13.4.1. This is due to insufficient input sanitization and output escaping on...

CVE-2025-14042

The CVE concerns the WordPress theme “Automotive Car Dealership Business” (versions

CVE-2025-14042 Automotive Car Dealership Business WordPress Theme <= 13.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Portfolio Project Details

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and including, 13.4.1. This is due to insufficient input sanitization and output escaping on...

CVE-2025-14042 Automotive Car Dealership Business WordPress Theme <= 13.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Portfolio Project Details

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and including, 13.4.1. This is due to insufficient input sanitization and output escaping on...

WordPress Theme Automotive Car Dealership Business 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-44750

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and including, 13.4.1. This is due to insufficient input sanitization and output escaping on...

CVE-2026-33345

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql...

CVE-2021-22233

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...

VulnCheck KEV: CVE-2025-55190

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

EUVD-2014-8767

Malware in sbrugna...

Sensitive Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the project details API returning stored repository usernames and passwords in its response, and an attacker with a token scoped only for standard application management can call that endpoi...

EUVD-2021-9379

Malicious code in bioql PyPI...

SUSE CVE-2025-55190

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

BIT-ARGO-CD-2025-55190 Argo CD: Project API Token Exposes Repository Credentials

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...