1890 matches found

Vulnrichment
added 2022/12/05 4:50 p.m. · 4 views

CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...

AI score 6.4 · EPSS 0.00881
Exploits 2 · References 1
CNNVD
added 2022/12/05 12:00 a.m. · 2 views

WordPress plugin Clerk information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability...

CVSS 7.5 · AI score 7.2 · EPSS 0.00881
Exploits 2 · References 2
NVD
added 2022/12/02 9:15 p.m. · 9 views

CVE-2022-4217

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to...

CVSS 5.5 · EPSS 0.00642
Exploits 1 · References 5
OSV
added 2022/12/02 9:15 p.m. · 3 views

CVE-2022-4217

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to...

CVSS 4.8 · AI score 5.9 · EPSS 0.00642
Exploits 1 · References 4
CVE
added 2022/12/02 8:58 p.m. · 52 views

CVE-2022-4217

The CVE-2022-4217 entry concerns the WordPress plugin Chained Quiz. Affected versions are up to and including 1.3.2.2 and the root cause is insufficient input sanitization and output escaping in the api_key parameter. This enables stored cross-site scripting (XSS), where authenticated administrat...

CVSS 5.5 · AI score 4.6 · EPSS 0.00642
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2022/12/02 12:00 a.m. · 3 views

WordPress plugin Chained Quiz cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 5.5 · AI score 5 · EPSS 0.00642
Exploits 1 · References 5
Kitploit
added 2022/11/30 3:30 p.m. · 93 views

D4TA-HUNTER - GUI Osint Framework With Kali Linux

D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees,...

AI score 7
Exploits 0 · References 2
wpexploit
added 2022/11/30 12:00 a.m. · 156 views

Paytium < 4.3.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to Paytium » Settings and in the 'Test'...

CVSS 4.8 · AI score 0.5 · EPSS 0.0047
Exploits 2
NVD
added 2022/11/29 11:15 p.m. · 10 views

CVE-2022-46155

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

CVSS 7.6 · EPSS 0.00448
Exploits 0 · References 3
CNNVD
added 2022/11/29 12:00 a.m. · 4 views

Airtable.js security vulnerability

Airtable.js is Airtable's open source JavaScript client. It provides a simple way to access the data. A misconfiguration vulnerability exists in Airtable.js versions prior to 0.11.6 that stems from a misconfiguration in a script that binds environment variables to the build target of a...

CVSS 7.6 · AI score 6.5 · EPSS 0.00448
Exploits 0 · References 4
CVE
added 2022/11/29 12:00 a.m. · 69 views

CVE-2022-46155

Summary: CVE-2022-46155 describes a misconfiguration in Airtable.js prior to 0.11.6 where the build script would bundle AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL into the transpiled bundle when building from source. This affects copies built from source (not npm/yarn-installed packages) if the u...

CVSS 7.6 · AI score 6.5 · EPSS 0.00448
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/11/29 12:00 a.m. · 5 views

PT-2022-27772 · Airtable · Airtable.Js

Name of the Vulnerable Software and Affected Versions: Airtable.js versions prior to 0.11.6 Description: The issue arises from a misconfigured build script in the Airtable.js source package, which bundles environment variables into the build target of a transpiled bundle. Specifically, the AIRTAB...

CVSS 7.6 · AI score 6.5 · EPSS 0.00448
Exploits 0 · References 6
Vulnrichment
added 2022/11/21 12:00 a.m. · 7 views

CVE-2022-3691 DeepL Pro API Translation < 1.7.5 - API Key Disclosure

The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information including the DeepL API key in files that are publicly accessible to an external, unauthenticated visitor...

AI score 6.5 · EPSS 0.00858
Exploits 1 · References 1
wpexploit
added 2022/11/11 12:00 a.m. · 119 views

Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Put the following payload in the Youtube API Key...

CVSS 4.8 · AI score 0.1 · EPSS 0.00506
Exploits 2
Hacker One
added 2022/11/08 11:12 a.m. · 180 views

AMBER AI: Support Portal Takeover via Leaked API KEY

Thanks @khizer47 for the report. Insecure Zendesk API token hardcoded in a JS file, causing support portals to lose control of administrator rights. We removed the dangerous token and controlled permissions by using a more secure OAuth token. An API key & associated email were hardcoded into a JS file...

AI score 0.4
Exploits 0
Tenable Nessus
added 2022/11/05 12:00 a.m. · 37 views

FreeBSD : Gitlab -- Multiple vulnerabilities (16f7ec68-5cce-11ed-9be7-454b1dd82c64)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 16f7ec68-5cce-11ed-9be7-454b1dd82c64 advisory. - Gitlab reports: DAST analyzer sends custom request headers with every request; Stored-XSS wit...

CVSS 9 · AI score 6.2 · EPSS 0.86326
Exploits 2 · References 15
NVD
added 2022/11/01 2:15 a.m. · 32 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

CVSS 9.8 · EPSS 0.00833
Exploits 0 · References 1
Prion
added 2022/11/01 2:15 a.m. · 22 views

Authentication flaw

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

CVSS 7.5 · AI score 9.5 · EPSS 0.00833
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/11/01 12:00 a.m. · 9 views

PT-2022-17478 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue concerns Octopus Server versions where access is managed by an external authentication provider. In these versions, it was possible for the API key/keys of a disabled or...

CVSS 9.8 · AI score 9.4 · EPSS 0.00833
Exploits 0 · References 3
CVE
added 2022/11/01 12:00 a.m. · 51 views

CVE-2022-2572

CVE-2022-2572 affects Octopus Server when authentication is managed by an external provider. The issue: API keys of disabled/deleted users remain valid after access is revoked, enabling potential unauthorized use. Documented impact is high (CVSS 3.1: CRITICAL, 9.8), with network attack vector, no...

CVSS 9.8 · AI score 9.5 · EPSS 0.00833
Exploits 0 · References 1 · Affected Software 1