1894 matches found

Veracode
added 2023/08/06 4:19 a.m. | 35 views

Information Disclosure

GitLab is vulnerable to Information Disclosure. The vulnerability allows a project maintainer to access the DataDog integration API key from webhook logs resulting in disclosure of sensitive information...

6.8 CVSS | 6.6 AI score | 0.00662 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2023/07/27 7:15 p.m. | 24 views

CVE-2023-38510

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

8.1 CVSS | 7.8 AI score | 0.00486 EPSS
Exploits: 0 | References: 4

Prion
added 2023/07/27 7:15 p.m. | 16 views

Code injection

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

5.5 CVSS | 7.7 AI score | 0.00486 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/07/27 6:57 p.m. | 19 views

CVE-2023-38510 Tolgee Lacks Permission Check for API Key for some endpoints

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

8.1 CVSS | 7.8 AI score | 0.00486 EPSS
Exploits: 0 | References: 4

CVE
added 2023/07/27 6:57 p.m. | 2512 views

CVE-2023-38510

Tolgee CVE-2023-38510 affects Tolgee versions 3.14.0 through 3.23.1. The issue is that API-key requests bypass permission scope checks, effectively bypassing authorization for some endpoints. This vulnerability can enable unauthorized access if API keys are exposed on the internet; cases where ke...

8.1 CVSS | 7.8 AI score | 0.00486 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/07/27 6:57 p.m. | 36 views

CVE-2023-38510 Tolgee Lacks Permission Check for API Key for some endpoints

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

8.1 CVSS | 8 AI score | 0.00486 EPSS
Exploits: 0 | References: 4

HackerOne
added 2023/07/24 1:12 p.m. | 35 views

HackerOne: Bypass report submit restriction/ban using the API key

A vulnerability was discovered that allowed banned researchers to submit reports through API keys, bypassing reporting restrictions. By creating an API key after an account was banned from submitting reports, a researcher could still submit reports to programs without restrictions, potentially...

6.9 AI score
Exploits: 0

OpenVAS
added 2023/07/21 12:00 a.m. | 20 views

WordPress Essential Addons for Elementor Plugin < 5.8.2 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; ifdescription...

5.3 CVSS | 7 AI score | 0.00487 EPSS
Exploits: 0 | References: 1

NVD
added 2023/07/20 6:15 a.m. | 25 views

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

5.3 CVSS | 5.3 AI score | 0.00487 EPSS
Exploits: 0 | References: 2

Prion
added 2023/07/20 6:15 a.m. | 71 views

Code injection

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

5 CVSS | 5.7 AI score | 0.00487 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/07/20 5:38 a.m. | 2505 views

CVE-2023-3779

The CVE-2023-3779 entry affects the WordPress plugin “Essential Addons for Elementor” (WPDeveloper) for WordPress, indicating that versions up to and including 5.8.1 disclose MailChimp API keys via source code added to pages using the MailChimp block. Root cause: unauthenticated disclosure of API...

5.3 CVSS | 5.7 AI score | 0.00487 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/07/20 5:38 a.m. | 29 views

CVE-2023-3779 Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

5.3 CVSS | 5.5 AI score | 0.00487 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2023/07/20 5:38 a.m. | 9 views

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

5.3 CVSS | 6.9 AI score | 0.00487 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2023/07/20 12:00 a.m. | 5 views

PT-2023-26109 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons For Elementor plugin for WordPress versions up to, and including, 5.8.1 Description: The issue allows unauthenticated attackers to obtain a site's MailChimp API key due to the plugin adding the API key to the source code ...

5.3 CVSS | 6.2 AI score | 0.00487 EPSS
Exploits: 0 | References: 8

NVD
added 2023/07/18 3:15 a.m. | 17 views

CVE-2023-3709

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...

5.3 CVSS | 0.00579 EPSS
Exploits: 0 | References: 2

Prion
added 2023/07/18 3:15 a.m. | 16 views

Code injection

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...

5 CVSS | 6.9 AI score | 0.00579 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/07/18 2:01 a.m. | 27 views

CVE-2023-3709 Royal Elementor Addons <=1.3.70 - Unauthenticated MailChimp API Key Disclosure

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...

5.3 CVSS | 7.1 AI score | 0.00579 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2023/07/18 2:01 a.m. | 11 views

CVE-2023-3709 Royal Elementor Addons <=1.3.70 - Unauthenticated MailChimp API Key Disclosure

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...

5.3 CVSS | 6.7 AI score | 0.00579 EPSS
Exploits: 0 | References: 2

CVE
added 2023/07/18 2:01 a.m. | 2556 views

CVE-2023-3709

The CVE-2023-3709 vulnerability affects the WordPress plugin Royal Elementor Addons, with affected versions up to and including 1.3.70. The issue allows unauthenticated disclosure of a site’s MailChimp API key because the plugin writes the API key into the source code of pages that render the Mai...

5.3 CVSS | 6.7 AI score | 0.00579 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2023/07/18 12:00 a.m. | 19 views

Royal Elementor Addons < 1.3.71 - Unauthenticated API Key Disclosure

Description: The plugin discloses the MailChimp API key in pages with the MailChimp block, allowing unauthenticated users to obtain such key...

5.3 CVSS | 6.3 AI score | 0.00579 EPSS
Exploits: 0 | Affected Software: 1