54 matches found
EXERT Education Management System has a security vulnerability
EXERT Education Management System is a comprehensive education management software developed by the Turkish company EXERT. The version 23.09.2025 and earlier of the EXERT Education Management System contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through...
WordPress plugin Curly has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
MiracleLinux 4 : kernel-2.6.32-220.4.1.el6 (AXSA:2012-228:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-228:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
EUVD-2025-38342
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
PT-2025-44756
Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise affected versions not specified Description An improper authorization issue exists in the Elastic Cloud Enterprise platform’s application programming interfaces. Exploitation of this issue may allow a remote attacker t...
GHSA-99H5-PJCV-GR6V Better Auth: Unauthenticated API key creation through api-key plugin
Summary A critical authentication bypass was identified in the API key creation and update endpoints. An attacker could create or modify API keys for arbitrary users by supplying a victim’s user ID in the request body. Due to a flaw in how the authenticated user was derived, the endpoints could...
EUVD-2021-1957
Malware in sbrugna...
GHSA-8HMM-4CRW-VM2C @musistudio/claude-code-router has improper CORS configuration
Impact Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data...
CVE-2021-22257
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...
CVE-2024-29841
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETKEYSFIELDS, allowing for an unauthenticated attacker to return the keys value of any user...
PT-2024-29718 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.10.0 through 4.19.1.0 Description: The issue is caused by an access permission validation problem that allows domain admin accounts to query all registered account-users API and secret keys, including those of the...
WordPress plugin Bricks Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...
CVE-2024-29841
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETKEYSFIELDS, allowing for an unauthenticated attacker to return the keys value of any user...
CVE-2024-29841
Technical details for CVE-2024-29841 are not publicly available in the provided documents. Monitor for updates.
PT-2024-23079
Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below Description The issue concerns poorly configured access control on DESKTOP EDIT USER GET KEYS FIELDS in the Web interface, allowing an unauthenticated attacker to return the keys valu...
CVE-2023-46742 CubeFS leaks users key in logs
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...
CVE-2023-46742 CubeFS leaks users key in logs
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...
CubeFS Log Information Disclosure Vulnerability
CubeFS is a cloud-native file storage for CubeFS individual developers. A log information disclosure vulnerability exists in CubeFS versions prior to 3.3.1, which stems from disclosing user keys and access keys in logs...
PT-2023-25657 · Prolion · Prolion Cryptospike
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters, specifically ...