1893 matches found

Wallarm Lab
added 2023/01/19 2:2 p.m. · 30 views

Introducing Proactive API Leak Management

Read the press release announcing the early release of Wallarm API Leak Management. The recent surge in hacks involving leaked API Keys and other API secrets such as credentials, passwords, certificates, tokens and encryption keys has put everyone involved on notice – organizations need a way to...

0.2 AI score
Exploits 0

NVD
added 2023/01/14 2:15 a.m. · 27 views

CVE-2023-22497

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

9.1 CVSS · 7.8 AI score · 0.0068 EPSS
Exploits 1 · References 2

UbuntuCve
added 2023/01/14 2:15 a.m. · 46 views

CVE-2023-22497

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

9.1 CVSS · 7 AI score · 0.0068 EPSS
Exploits 1 · References 4

OSV
added 2023/01/14 2:15 a.m. · 5 views

UBUNTU-CVE-2023-22497

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

9.1 CVSS · 7.1 AI score · 0.0068 EPSS
Exploits 1 · References 5

Prion
added 2023/01/14 2:15 a.m. · 12 views

Design/Logic Flaw

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

6.4 CVSS · 9.1 AI score · 0.0068 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/01/14 1:2 a.m. · 7 views

CVE-2023-22497 Netdata is vulnerable to improper authentication

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

6.5 CVSS · 8 AI score · 0.0068 EPSS
Exploits 1 · References 2

AlpineLinux
added 2023/01/14 1:2 a.m. · 25 views

CVE-2023-22497

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

9.1 CVSS · 8.9 AI score · 0.0068 EPSS
Exploits 1 · References 2

Cvelist
added 2023/01/14 1:2 a.m. · 23 views

CVE-2023-22497 Netdata is vulnerable to improper authentication

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

6.5 CVSS · 9.4 AI score · 0.0068 EPSS
Exploits 1 · References 2

CVE
added 2023/01/14 1:2 a.m. · 104 views

CVE-2023-22497

Netdata CVE-2023-22497 concerns a streaming configuration flaw where a valid MACHINE_GUID could be used as an API key in stream.conf, allowing non-trusted users to access parent/child Netdata Agents. Affects Netdata agents that expose streaming functionality; attacker could leverage this to acces...

9.1 CVSS · 7.7 AI score · 0.0068 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2023/01/14 1:2 a.m. · 24 views

CVE-2023-22497 Netdata is vulnerable to improper authentication

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

6.5 CVSS · 7.6 AI score · 0.0068 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/01/14 12:0 a.m. · 4 views

PT-2023-18548 · Netdata +4 · Netdata +4

Name of the Vulnerable Software and Affected Versions: Netdata agent versions prior to 1.37; Netdata agent versions prior to 1.36.0-409 nightly. Description: The issue affects Netdata Agents that expose their services to non-trusted users, particularly when the streaming feature is enabled, allowin...

9.8 CVSS · 7 AI score · 0.36171 EPSS
Exploits 9 · References 35

NVD
added 2022/12/26 5:15 a.m. · 22 views

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

9.8 CVSS · 0.70947 EPSS
Exploits 1 · References 2

Prion
added 2022/12/26 5:15 a.m. · 25 views

Code injection

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

7.5 CVSS · 9.4 AI score · 0.70947 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2022/12/26 12:0 a.m. · 6 views

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

7.2 AI score · 0.70947 EPSS
Exploits 1 · References 2

CVE
added 2022/12/26 12:0 a.m. · 99 views

CVE-2021-45467

CWP (Control Web Panel / CentOS Web Panel) is affected by CVE-2021-45467 in versions before 0.9.8.1107. The issue is an unauthenticated null-byte (%00) injection in the scripts parameter of /user/loader.php (and /user/login.php) that can be exploited to register arbitrary API keys or access sensi...

9.8 CVSS · 9.4 AI score · 0.70947 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/12/26 12:0 a.m. · 32 views

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

9.7 AI score · 0.70947 EPSS
Exploits 1 · References 2

WPVulnDB
added 2022/12/23 12:0 a.m. · 17 views

ConvertKit < 2.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. PoC...

5.4 CVSS · 2.7 AI score · 0.00534 EPSS
Exploits 2 · Affected Software 1

wpexploit
added 2022/12/23 12:0 a.m. · 169 views

ConvertKit < 2.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. Exploit:...

5.4 CVSS · 0.2 AI score · 0.00534 EPSS
Exploits 2

Prion
added 2022/12/22 9:15 p.m. · 25 views

Authorization

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

5 CVSS · 7.5 AI score · 0.01594 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2022/12/22 12:0 a.m. · 7 views

PT-2022-24175

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.5.6. Description: The issue allows unauthenticated users to bypass authorization and update plugin settings, including the MailChimp API key, global styles, 404 page setting...

8.6 CVSS · 7.3 AI score · 0.01594 EPSS
Exploits 1 · References 7