Lucene search
K

1894 matches found

Veracode
Veracode
added 2023/10/23 10:42 a.m.207 views

Information Disclosure

github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially expose the Google Sheet API-key that is configured for the data...

7.5CVSS6.8AI score0.00389EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/20 8:15 a.m.3 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS7.3AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.8 views

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6.7AI score0.00319EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/20 7:29 a.m.22 views

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.8AI score0.00319EPSS
Exploits0References2
OSV
OSV
added 2023/10/16 12:33 p.m.26 views

GHSA-37X5-QPM8-53RQ Google Sheets data source plugin for Grafana information disclosure vulnerability

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

5.5CVSS6.1AI score0.00389EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/10/16 12:33 p.m.57 views

Google Sheets data source plugin for Grafana information disclosure vulnerability

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

7.5CVSS6.4AI score0.00389EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/10/16 10:15 a.m.39 views

CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

7.5CVSS6.1AI score0.00389EPSS
Exploits0References1
Prion
Prion
added 2023/10/16 10:15 a.m.22 views

Information disclosure

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

5CVSS7.3AI score0.00389EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/16 9:45 a.m.15 views

CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

5.5CVSS6.4AI score0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/16 9:45 a.m.45 views

CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

5.5CVSS7.4AI score0.00389EPSS
Exploits0References1
OSV
OSV
added 2023/10/02 9:8 a.m.3 views

OPENSUSE-SU-2023:0279-1 Security update for python-bugzilla

This update for python-bugzilla fixes the following issues: - Fixed potential API Key leak boo1215718...

7.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.4 views

PT-2023-35511 · Unknown · Python-Bugzilla

Name of the Vulnerable Software and Affected Versions: python-bugzilla affected versions not specified Description: The issue concerns a potential API Key leak. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world...

7.1AI score
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2023/10/02 12:0 a.m.10 views

Security update for python-bugzilla (important)

openSUSE Security Update: Security update for python-bugzilla Announcement ID: openSUSE-SU-2023:0279-1 Rating: important References: 1215718 Affected Products: openSUSE Backports SLE-15-SP4 An update that contains security fixes can now be installed. Description: This update for python-bugzilla...

7.3AI score
Exploits0
GithubExploit
GithubExploit
added 2023/09/27 11:56 p.m.448 views

Exploit for PHP External Variable Modification in Juniper Junos

Juniper Scanner Scanner for CVE-2023-36845 by bt0 More inform...

9.8CVSS8AI score0.93546EPSS
Exploits25
Hacker One
Hacker One
added 2023/09/15 5:35 a.m.17 views

Frontegg: PATCH method manipulation allowing the users to escalate their functionalities and edit (upgrade/downgrade) API Keys settings which is not allowed

The PATCH method allowed users to edit API key information, including the description, role IDs, and other settings, which was not intended functionality. This represented a broken access control vulnerability that enabled users to escalate their privileges and manipulate API keys beyond their...

7.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2023/09/14 12:0 a.m.22 views

Leyka < 3.30.7.1 - Subscriber+ Sensitive Information Disclosure

Description The plugin is vulnerable to Sensitive Information Exposure via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more...

6.5CVSS6.2AI score0.0059EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/09/13 3:15 a.m.16 views

CVE-2023-4917

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...

6.5CVSS5.4AI score0.0059EPSS
Exploits0References3
Prion
Prion
added 2023/09/13 3:15 a.m.20 views

Design/Logic Flaw

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...

4CVSS6.5AI score0.0059EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/13 2:54 a.m.8 views

CVE-2023-4917 Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...

5.3CVSS6.8AI score0.0059EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/09/13 2:54 a.m.32 views

CVE-2023-4917 Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...

5.3CVSS6.5AI score0.0059EPSS
Exploits0References3
Rows per page
Query Builder