1893 matches found

Vulnrichment
added 2023/05/30 7:49 a.m. | 9 views

CVE-2023-0443 AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked...

6.6 AI score | 0.0062 EPSS
Exploits: 2 | References: 1

Spring Security Advisories
added 2023/05/30 12:00 a.m. | 20 views

This Week in Spring - May 30th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This installment I write on the day of my daughter's High School graduation, an auspicious day indeed! There's a lot to get through this week, though, and I have a graduation to get to, so let's dive right in! Spring...

6.8 AI score
Exploits: 0

Packet Storm
added 2023/05/24 12:00 a.m. | 349 views

GetSimple CMS 3.3.16 Shell Upload

Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution RCE Data: 18/5/2023 Exploit Author : Youssef Muhammad Vendor: Get-simple Software Link: Version app: 3.3.16 Tested on: linux CVE: CVE-2022-41544 import sys import hashlib import re import requests from xml.etree import ElementTree from...

9.8 CVSS | 7.1 AI score | 0.09442 EPSS
Exploits: 12

Kitploit
added 2023/05/19 12:30 p.m. | 25 views

KoodousFinder - A Simple Tool To Allows Users To Search For And Analyze Android Apps For Potential Security Threats And Vulnerabilities

A simple tool that allows users to search for and analyze Android apps for potential security threats and vulnerabilities Account and API Key Create a Koodous account and get your API key https://koodous.com/settings/developers Install $ pip install koodousfinder Arguments Param | description ---|-...

7.2 AI score
Exploits: 0 | References: 1

IBM Security Bulletins
added 2023/05/17 3:40 p.m. | 28 views

Security Bulletin: IBM Cloud Pak for Security (CP4S) could allow an attacker with a valid API key for one tenant to access data from another tenant's account. (CVE-2023-30993)

Summary: IBM Cloud Pak for Security (CP4S) could allow an attacker with a valid API key for one tenant to access data from another tenant's account. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section...

7.5 CVSS | 7.2 AI score | 0.00615 EPSS
Exploits: 0 | Affected Software: 1

Veracode
added 2023/05/16 11:59 p.m. | 26 views

API Token Disclosure

planet is vulnerable to API Token Disclosure. The vulnerability is due to insecure file permissions set on the secrets file containing the API key. Any user in the system is able to view the secret file, which stores the user's Planet API login token...

5.5 CVSS | 6.8 AI score | 0.00255 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2023/05/16 6:15 p.m. | 23 views

CVE-2023-2632

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3 CVSS | 4.6 AI score | 0.00633 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2023/05/16 12:00 a.m. | 7 views

PT-2023-20615 · Jenkins · Credentials Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Code Dx Plugin versions 3.1.0 and earlier Description: The issue concerns the storage and display of Code Dx server API keys. In affected versions, these keys are stored unencrypted in job config.xml files on the Jenkins controller an...

4.3 CVSS | 4.4 AI score | 0.00409 EPSS
Exploits: 0 | References: 5

The Hacker News
added 2023/05/13 7:45 a.m. | 53 views

New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages

A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsof...

6.9 AI score
Exploits: 0

wpexploit
added 2023/05/02 12:00 a.m. | 182 views

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

The plugin discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. See the disclosed secret key in includes/pro.php...

5.3 CVSS | 6.8 AI score | 0.0062 EPSS
Exploits: 2

NVD
added 2023/04/11 9:15 a.m. | 10 views

CVE-2023-22429

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials API key for an external service, which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary...

7.8 CVSS | 7.4 AI score | 0.00161 EPSS
Exploits: 0 | References: 2

Prion
added 2023/04/11 9:15 a.m. | 11 views

Hardcoded credentials

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials API key for an external service, which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary...

4.3 CVSS | 7.3 AI score | 0.00161 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/04/11 12:00 a.m. | 28 views

CVE-2023-22429

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials API key for an external service, which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary...

7.6 AI score | 0.00161 EPSS
Exploits: 0 | References: 2

CVE
added 2023/04/11 12:00 a.m. | 59 views

CVE-2023-22429

The CVE affects the Android app Wolt Delivery: Food and more (versions 4.27.2 and earlier). Root cause: hard-coded API key for an external service embedded in the application binary, enabling a local attacker to extract it via reverse-engineering. Impact, as stated, is high for confidentiality/in...

7.8 CVSS | 7.3 AI score | 0.00161 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/04/11 12:00 a.m. | 9 views

CVE-2023-22429

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials API key for an external service, which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary...

7.4 AI score | 0.00161 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2023/04/06 12:00 a.m. | 254 views

BTCPay Server 1.7.4 HTML Injection

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Date: 01/26/2023 Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete A...

8.8 CVSS | 8.8 AI score | 0.07896 EPSS
Exploits: 4

0day.today
added 2023/04/05 12:00 a.m. | 262 views

BTCPay Server v1.7.4 - HTML Injection Vulnerability

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete API key, the html...

8.8 CVSS | 8.7 AI score | 0.07896 EPSS
Exploits: 4

Exploit DB
added 2023/04/05 12:00 a.m. | 156 views

BTCPay Server v1.7.4 - HTML Injection

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Date: 01/26/2023 Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete A...

8.8 CVSS | 7 AI score | 0.07896 EPSS
Exploits: 4

Github Security Blog
added 2023/03/27 10:17 p.m. | 42 views

Apiman vulnerable to permissions bypass due to missing check on API key URL

Impact Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...

6.4 CVSS | 4.9 AI score | 0.0034 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/03/27 8:46 p.m. | 5 views

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4 CVSS | 6.7 AI score | 0.0034 EPSS
Exploits: 0 | References: 2