Lucene search
K

1889 matches found

Prion
Prion
added 2022/06/13 1:15 p.m.18 views

Design/Logic Flaw

Vulnerable versions of the JupiterX Theme =2.0.6 allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterxapiajax actions registered by the JupiterX Core Plugin =2.0.6. This includes the...

5.5CVSS5.5AI score0.00513EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/06/13 12:41 p.m.2309 views

CVE-2022-1656

CVE-2022-1656 affects JupiterX Theme and JupiterX Core Plugin (versions

5.5CVSS5.9AI score0.00513EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.4 views

WordPress plugin Google Places Reviews 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.3AI score0.0071EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:50 a.m.2 views

CVE-2022-29453

Cross-Site Request Forgery CSRF vulnerability in API KEY for Google Maps plugin = 1.2.1 at WordPress leading to Google Maps API key update...

5.4CVSS4.9AI score0.00415EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/08 12:0 a.m.21 views

API KEY for Google Maps < 1.2.2 - Arbitrary API Key Update via CSRF

The plugin does not have CSRF in place when updating the API key, allowing attackers to make a logged in admin perform such action via a CSRF attack...

5.4CVSS5.5AI score0.00415EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/06/06 7:15 p.m.29 views

CVE-2022-22396

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are...

7.5CVSS0.00658EPSS
Exploits0References2
Prion
Prion
added 2022/06/06 7:15 p.m.18 views

Design/Logic Flaw

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are...

5CVSS7.3AI score0.00658EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2022/06/05 4:30 p.m.10 views

Adobe: API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone

Adobe appreciates the work and partnership with this security researcher. We value the commitment and dedication to our external security community...

2.8AI score
Exploits0
Kitploit
Kitploit
added 2022/06/02 9:30 p.m.25 views

Notionterm - Embed Reverse Shell In Notion Pages

Embedreverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...

7.3AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 5:13 p.m.37 views

Improper Privilege Management in Elasticsearch

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

8.8CVSS8.4AI score0.016EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:0 p.m.30 views

Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm...

5.3CVSS5.7AI score0.02429EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:56 p.m.31 views

Jenkins CodeScan Plugin has Insufficiently Protected Credentials

CodeScan Plugin stores an API key unencrypted in its global configuration file com.villagechief.codescan.jenkins.CodeScanBuilder.xml on the Jenkins controller. This API key can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fi...

5.5CVSS3.3AI score0.00321EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 4:56 p.m.16 views

GHSA-JP8R-JH5J-CGWF Jenkins CodeScan Plugin has Insufficiently Protected Credentials

CodeScan Plugin stores an API key unencrypted in its global configuration file com.villagechief.codescan.jenkins.CodeScanBuilder.xml on the Jenkins controller. This API key can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fi...

3.3CVSS5.3AI score0.00321EPSS
Exploits0References4
Hacker One
Hacker One
added 2022/05/22 2:41 a.m.6 views

HackerOne: Banned user still has access to their deleted account via HackerOne's API using their API key

The user's banned account could still be accessed using their previously generated API token, allowing them to perform actions such as retrieving reports, balance, earnings, payouts, weaknesses, and program information. This vulnerability was discovered and exploited on a test account...

7AI score
Exploits0
CNVD
CNVD
added 2022/05/18 12:0 a.m.15 views

WordPress Cliprs plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Cliprs plugin 1.2.3 and earlier versions have a cross-site scripting vulnerability that stems from ...

4.8CVSS2.3AI score0.00955EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2022/05/17 12:33 a.m.20 views

Exposure of Sensitive Information in Jenkins Datadog plugin

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

4.3CVSS1.1AI score0.01038EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 12:33 a.m.19 views

GHSA-HF7W-F4H4-9XP8 Exposure of Sensitive Information in Jenkins Datadog plugin

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

3.1CVSS3.5AI score0.01038EPSS
Exploits0References3
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.120 views

Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their...

4.8CVSS0.8AI score0.0071EPSS
Exploits2
OSV
OSV
added 2022/05/16 3:15 p.m.3 views

CVE-2022-1559

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00955EPSS
Exploits2References2
NVD
NVD
added 2022/05/16 3:15 p.m.16 views

CVE-2022-1559

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00955EPSS
Exploits2References2
Rows per page
Query Builder