CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Cloud Pak for Security CP4S 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136...

7.5CVSS6.4AI score0.00082EPSS

Exploits0References1

Github Security Blog•added 2025/04/02 3:31 p.m.•27 views

Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins...

4.3CVSS6.9AI score0.00937EPSS

Exploits0References4Affected Software1

Cvelist•added 2025/03/19 3:38 p.m.•11 views

CVE-2025-30197

Jenkins Zoho QEngine Plugin 1.0.29.vfacc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...

0.00092EPSS

Exploits0References1

Cvelist•added 2024/06/12 1:58 p.m.•20 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS0.00206EPSS

Exploits0References1

OSV•added 2024/03/27 6:15 p.m.•3 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5CVSS7.3AI score

Exploits0References1

CVE•added 2024/03/27 6:3 p.m.•330 views

CVE-2024-23451

Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...

6.5CVSS4.7AI score0.00341EPSS

Exploits0References1Affected Software1

Prion•added 2023/07/03 6:15 p.m.•9 views

Code injection

tktchurch/website contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized...

6.4CVSS9AI score0.00115EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by