8 matches found
EUVD-2021-0670
Malware in sbrugna...
EUVD-2024-47503
Malicious code in bioql PyPI...
EUVD-2023-35331
Malicious code in bioql PyPI...
GHSA-75VQ-QVHR-7FFR Umbraco Delivery API allows for cached requests to be returned with an invalid API key
Impact: Umbraco's content delivery API can be restricted from public access such that an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance...
CVE-2024-5674
The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to a PHP type juggling issue on the checkapikey function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete...
CVE-2025-0628 Improper Authorization in BerriAI/litellm
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
PT-2024-13539 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1; Nagios XI versions prior to 5.11.3 2024R1. Description: The issue is related to the improper handling of API key generation in Nagios XI, allowing attackers to possibly generate the same set of API keys for...
CVE-2023-26468
Cerebrate 1.12 does not properly consider organisationid during creation of API keys...