24 matches found
Execution with Unnecessary Privileges
Overview: openc3 is a Python support for OpenC3 COSMOS. Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the runscript.py and runscript.rb script execution paths in the script runner components. An attacker can read sensitive credentials by running a...
CVE-2026-22203
wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...
EUVD-2018-9745
Malware in sbrugna...
EUVD-2024-36633
Malicious code in bioql PyPI...
EUVD-2024-2135
Malicious code in bioql PyPI...
EUVD-2023-12491
Malicious code in bioql PyPI...
CVE-2024-37397
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets...
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over...
CVE-2024-37397
CVE-2024-37397 is an XXE vulnerability in Ivanti Endpoint Manager (EPM) provisioning web service. It affects EPM 2022 SU5 and earlier, and 2024.s September update/pre-release lines, allowing a remote unauthenticated attacker to leak API secrets. The issue stems from external XML entity handling i...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager (EPM) is a suite of endpoint security managers from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager version 2024 and 2022 SU5 and earlier versions, which stems from an external XML entity (XXE) vulnerability in the Ivanti EPM Configuration W...
PT-2024-6322 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions prior to 2022 SU6; Ivanti EPM versions prior to the 2024 September update. Description: The issue is related to an External XML Entity (XXE) vulnerability in the provisioning web service, allowing a remote unauthenticated...
CVE-2023-5576
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate...
Wallarm Releases New End-to-End Solution to Reduce Risk and Time-to-Remediate Leaked API Keys and Secrets
Advancement to API Security Technology Will Combat Recent Surge in Hacks Leveraging Leaked API; Early Release Now Available. San Francisco, CA – (BUSINESS WIRE) – January 19, 2023 – Wallarm, the end-to-end API security company, today announced the early release of the Wallarm API Leak Management...
CVE-2018-18006
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...
CVE-2018-18006
The CVE-2018-18006 entry describes hardcoded credentials in Ricoh myPrint Windows (v2.9.2.4) and Android (v2.2.7) clients that grant access to the external myPrint WSDL API. The root cause is credential leakage embedded in the applications, enabling access to API secrets, mail-server passwords, a...
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
Exploit Title: Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 2018-11-19 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...