36 matches found
WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability
Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions 1.3.1...
CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
EUVD-2023-44412
Malicious code in bioql PyPI...
EUVD-2023-44344
Malicious code in bioql PyPI...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
CVE-2023-3779
The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...
CVE-2023-6777
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...
CVE-2024-34897
Nedis SmartLife Android app v1.4.0 was discovered to contain an API key disclosure vulnerability...
CVE-2024-34897
CVE-2024-34897 affects the Nedis SmartLife Android app v1.4.0, with an API key disclosure vulnerability that could expose credentials in transit/at rest. According to the initial description, the vulnerability has a CVSS v3.1 base score of 7.5 (HIGH), attack vector Network, required privileges No...
PT-2024-26239 · Nedis · Nedis Smartlife Android App
Name of the Vulnerable Software and Affected Versions: Nedis SmartLife Android app version 1.4.0 Description: The issue concerns an API key disclosure. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited...
CVE-2023-6777 WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...
LangChain directory traversal vulnerability
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PYSEC-2024-43
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PT-2024-22256 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain versions 0.1.10 and earlier Description: The issue allows an actor who can control the final part of the path parameter in a load chain call to perform ../ directory traversal. This bypasses the intended behavior of loading...
CVE-2023-46723 lte-pic32-writer's sendto.txt may disclose URL and the API key
lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who know the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS (such as Slack and Zulip) URL and API key. As of time of publication, a patch is not ye...
Code injection
The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...