1894 matches found

Vulnrichment · added 2023/03/27 8:46 p.m. · 5 views

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

CVSS 6.4 · AI score 6.7 · EPSS 0.0034
Exploits: 0 · References: 2
Huntr · added 2023/03/22 7:33 a.m. · 35 views

IDOR vulnerability allows the owner of one organization to create, edit and delete API keys that belong to another organization

1. First, we create two organizations, org1 and org2, owned by user1 and user2 respectively. 2. We log in as user1 and create a new API key. 3. Using Burp Suite, we hijack the POST request. 4. The POST can look like:...

CVSS 6.5 · AI score 6.3 · EPSS 0.00859
Exploits: 1
WPVulnDB · added 2023/03/20 12:00 a.m. · 17 views

Klaviyo <= 3.0.10 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). PoC: 1. Go to Klaviyo Settings, and at Klaviyo...

CVSS 4.8 · AI score 5.2 · EPSS 0.00442
Exploits: 2 · Affected Software: 1
wpexploit · added 2023/03/20 12:00 a.m. · 392 views

Klaviyo <= 3.0.10 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Go to Klaviyo Settings, and at Klaviyo Setting...

CVSS 4.8 · AI score 5.4 · EPSS 0.00442
Exploits: 2
Prion · added 2023/03/17 3:15 p.m. · 11 views

Cross site request forgery (csrf)

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

CVSS 6.8 · AI score 6 · EPSS 0.00209
Exploits: 0 · References: 2 · Affected Software: 1
CVE · added 2023/03/17 2:21 p.m. · 53 views

CVE-2023-1472

Summary (CVE-2023-1472) The RapidLoad Power-Up for Autoptimize WordPress plugin is vulnerable to Cross-Site Request Forgery in versions up to 1.7.1 due to missing or incorrect nonce validation on AJAX actions. This allows an unauthenticated attacker to trigger admin actions by deceiving a site ad...

CVSS 6.3 · AI score 6.3 · EPSS 0.00209
Exploits: 0 · References: 2 · Affected Software: 1
Kitploit · added 2023/03/16 11:30 a.m. · 149 views

GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements: Python 3.10; all the packages mentioned in the requirements.txt file; OpenAi api...

AI score 7.3
Exploits: 0 · References: 1
NVD · added 2023/03/13 10:15 p.m. · 12 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

CVSS 7.4 · AI score 7.3 · EPSS 0.03857
Exploits: 1 · References: 2
Prion · added 2023/03/13 10:15 p.m. · 13 views

Cross site request forgery (csrf)

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

CVSS 4 · AI score 6.3 · EPSS 0.03857
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment · added 2023/03/13 12:00 a.m. · 10 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

CVSS 7.4 · AI score 7.3 · EPSS 0.03857
Exploits: 1 · References: 2
Positive Technologies · added 2023/03/13 12:00 a.m. · 7 views

PT-2023-21228 · Google · Google Cloud Api +1

Name of the Vulnerable Software and Affected Versions: ReadtoMyShoe versions prior to commit 8533b01. Description: The issue arises when an error occurs while adding an article to the web app, resulting in an error message that includes sensitive information. Specifically, if the error is related ...

CVSS 7.4 · AI score 6.4 · EPSS 0.03857
Exploits: 1 · References: 8
Japan Vulnerability Notes · added 2023/03/13 12:00 a.m. · 50 views

JVN#64453490: Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service (CWE-798). Impact: The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

CVSS 7.8 · AI score 7.4 · EPSS 0.00161
Exploits: 0
Cvelist · added 2023/03/13 12:00 a.m. · 20 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

CVSS 7.4 · AI score 7.5 · EPSS 0.03857
Exploits: 1 · References: 2
CVE · added 2023/03/13 12:00 a.m. · 62 views

CVE-2023-27587

ReadtoMyShoe (RTMS) is affected by CVE-2023-27587. When an article-adding error occurs, the TTS request URL may leak the Google Cloud API key in the full URL. A PoC demonstrates the leaked key in the error output; the issue is tied to pre-8533b01 behavior. The advisory notes that this has been pa...

CVSS 7.4 · AI score 6.3 · EPSS 0.03857
In the wild · Exploits: 1 · References: 2 · Affected Software: 1
OSV · added 2023/03/13 12:00 a.m. · 18 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

CVSS 7.4 · AI score 6.6 · EPSS 0.03857
Exploits: 1 · References: 4
Veracode · added 2023/03/12 4:42 a.m. · 29 views

Information Disclosure

netdata is vulnerable to Information Disclosure. Netdata Agents have an automatically generated MACHINE GUID that is saved to disk and can persist across restarts and reboots. Streaming is a feature that allows a Netdata Agent to act as a parent for other Netdata Agents (children), offloading childre...

CVSS 9.1 · AI score 8.7 · EPSS 0.0068
Exploits: 1 · References: 3 · Affected Software: 1
Prion · added 2023/03/09 8:15 p.m. · 17 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

CVSS 4.7 · AI score 4.2 · EPSS 0.00565
Exploits: 0 · References: 3 · Affected Software: 1
OSV · added 2023/03/09 8:15 p.m. · 4 views

UBUNTU-CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

CVSS 5.5 · AI score 5.7 · EPSS 0.00565
Exploits: 0 · References: 5
Vulnrichment · added 2023/03/09 12:00 a.m. · 7 views

CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

CVSS 5.5 · AI score 5.2 · EPSS 0.00565
Exploits: 0 · References: 3
CVE · added 2023/03/09 12:00 a.m. · 96 views

CVE-2023-0483

GitLab CVE-2023-0483 affects all versions from 12.1 before 15.7.8, from 15.8 before 15.8.4, and from 15.9 before 15.9.2. The flaw allows a project maintainer to extract a Datadog integration API key by modifying the site. The initial description lists affected versions and the leakage of a Datadog API key; no concre...

CVSS 5.5 · AI score 4 · EPSS 0.00565
Exploits: 0 · References: 3 · Affected Software: 1