1871 matches found

Vulnrichment
added 2025/06/10 11:8 p.m. · 8 views

CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

AI score: 7.1 · EPSS: 0.00583
Exploits: 0 · References: 3

Vulnrichment
added 2025/06/10 11:7 p.m. · 3 views

CVE-2025-47849 Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...

AI score: 7.5 · EPSS: 0.00488
Exploits: 0 · References: 3

Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-25167 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions prior to 4.19.3.0 Apache CloudStack versions prior to 4.20.1.0 Description: The issue allows a member of a project to access the API key and secret key of the 'kubeadmin' user of the CKS cluster's creator's account,...

CVSS: 8.5 · AI score: 9.3 · EPSS: 0.00583
Exploits: 0 · References: 7

RedhatCVE
added 2025/06/08 7:19 a.m. · 29 views

CVE-2025-5018

The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings and hive_lite_support_get_all_binbox functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated...

CVSS: 7.1 · AI score: 7.2 · EPSS: 0.00266
Exploits: 0 · References: 1

CVE
added 2025/06/06 6:42 a.m. · 72 views

CVE-2025-5018

CVE-2025-5018 affects the WordPress Hive Support plugin (<= 1.2.4; Patch references include

CVSS: 7.1 · AI score: 7.2 · EPSS: 0.00266
Exploits: 0 · References: 4

Vulnrichment
added 2025/06/06 6:42 a.m. · 23 views

CVE-2025-5018 Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox

The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings and hive_lite_support_get_all_binbox functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated...

CVSS: 7.1 · AI score: 5.8 · EPSS: 0.00266
Exploits: 0 · References: 4

Positive Technologies
added 2025/06/06 12:0 a.m. · 4 views

PT-2025-24033 · WordPress · Hive Support

Name of the Vulnerable Software and Affected Versions: Hive Support plugin for WordPress affected versions not specified Description: The issue concerns unauthorized access and modification of data due to a missing capability check. This allows for an authentication bypass, enabling unauthorized...

CVSS: 7.1 · AI score: 6.8 · EPSS: 0.00266
Exploits: 0 · References: 9

Veracode
added 2025/06/05 6:9 a.m. · 10 views

Cross-site Scripting (XSS)

github.com/forceu/gokapi is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the API key renaming feature, which allowed authenticated users to inject JavaScript that would execute when another user accessed the API tab...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00117
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/06/04 11:20 a.m. · 10 views

CVE-2025-48495

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

CVSS: 4.8 · AI score: 6.5 · EPSS: 0.00117
Exploits: 0 · References: 1

OSV
added 2025/06/03 6:27 a.m. · 6 views

GHSA-4XG4-54HM-9J77 Gokapi has stored XSS vulnerability in friendly name for API keys

Impact: By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. With the affected versions v2.0, there was no user permission system implemented, therefore all authenticated...

CVSS: 5.4 · AI score: 6.8 · EPSS: 0.00117
Exploits: 0 · References: 5

NVD
added 2025/06/02 12:15 p.m. · 45 views

CVE-2025-48495

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

CVSS: 5.4 · EPSS: 0.00117
Exploits: 0 · References: 2

OSV
added 2025/06/02 11:8 a.m. · 20 views

CVE-2025-48495 Gokapi has stored XSS vulnerability in friendly name for API keys

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

CVSS: 4.8 · AI score: 6.2 · EPSS: 0.00117
Exploits: 0 · References: 4

CNNVD
added 2025/06/02 12:0 a.m. · 3 views

Gokapi security vulnerability

Gokapi is a lightweight, self-hosted Firefox Send alternative by individual developer Marc Bulling. A security vulnerability exists in Gokapi versions prior to 2.0.0, which stems from a cross-site scripting attack that may result from the injection of JavaScript code when renaming API key...

CVSS: 5.4 · AI score: 6.2 · EPSS: 0.00117
Exploits: 0 · References: 4

RedhatCVE
added 2025/06/01 4:35 a.m. · 7 views

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVSS: 6.9 · AI score: 6.8 · EPSS: 0.00478
Exploits: 0 · References: 1

NVD
added 2025/05/30 4:15 a.m. · 15 views

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVSS: 6.9 · EPSS: 0.00478
Exploits: 0 · References: 9

CVE
added 2025/05/30 3:38 a.m. · 67 views

CVE-2025-48491

CVE-2025-48491 affects Project AI, a platform for creating AI agents. The root cause is a hardcoded API key present in the source code before the pre‑beta version. The issue has been patched in the pre‑beta version, mitigating exposure. Public details in connected documents confirm this remediati...

CVSS: 6.9 · AI score: 6.5 · EPSS: 0.00478
Exploits: 0 · References: 9

Vulnrichment
added 2025/05/30 3:38 a.m. · 12 views

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVSS: 6.9 · AI score: 6.5 · EPSS: 0.00478
Exploits: 0 · References: 9

Cvelist
added 2025/05/30 3:38 a.m. · 23 views

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVSS: 6.9 · EPSS: 0.00478
Exploits: 0 · References: 9

OSV
added 2025/05/30 3:38 a.m. · 5 views

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVSS: 6.9 · AI score: 6.8 · EPSS: 0.00478
Exploits: 0 · References: 11

Positive Technologies
added 2025/05/30 12:0 a.m. · 15 views

PT-2025-23241 · Unknown · Project Ai

Name of the Vulnerable Software and Affected Versions: Project AI versions prior to pre-beta Description: The issue concerns a hardcoded API key present in the source code of Project AI, a platform for creating AI agents. This problem has been resolved in the pre-beta version. Recommendations: Fo...

CVSS: 6.9 · AI score: 6.5 · EPSS: 0.00478
Exploits: 0 · References: 13