5 matches found
CVE-2026-1667
The CVE concerns the SEO Plugin by Squirrly SEO for WordPress (up to version 14.0.0) with a vulnerability in savePost() that allows unauthenticated users to create arbitrary posts and, if Advanced Custom Fields is installed, to inject stored XSS scripts. Root cause is a leak of an API token and i...
NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
CVE-2024-48951
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery SSRF on SOAR can be used to leak Logpoint's API Token leading to authentication bypass...
CVE-2024-48951
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery SSRF on SOAR can be used to leak Logpoint's API Token leading to authentication bypass...
Mozilla: User API Key leakage in Github commit leads to unauthorized access to sql.telemetry.mozilla.org
A Mozilla employee's API token for https://sql.telemetry.mozilla.org was leaked in one of the Github repos. The token provided access to the service dashboard which contained confidential data. The API token was rotated and removed from the service...