1872 matches found
CVE-2024-11037 Path Traversal in binary-husky/gpt_academic
A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating syste...
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys
Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...
CVE-2025-30197
Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...
CVE-2025-30197
CVE-2025-30197 concerns Jenkins Zoho QEngine Plugin prior to 1.0.29.vfa_cc23396502, where the QEngine API Key form field is not masked. This omission can allow attackers to observe or capture the API key in the UI input path. The CVE is documented across multiple sources (NVD entry and Red Hat ad...
Jenkins Zoho QEngine Plugin Security Vulnerability
Jenkins Zoho QEngine Plugin is a plugin for the open-source Jenkins automation server. A security vulnerability exists in Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and prior versions, which stems from an unmasked QEngine API Key form field...
CVE-2025-1285
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to...
CVE-2025-1285 Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to...
CVE-2025-1285
CVE-2025-1285 affects the Resido – Real Estate WordPress Theme. The vulnerability arises from a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to and including 3.6, enabling unauthenticated attackers to issue requests to internal services and updat...
Flowise Pre-auth Arbitrary File Upload
Summary: An unauthorized attacker can leverage the whitelisted route /api/v1/attachments to upload arbitrary files when the storageType is set to local (default). Details: When a new request arrives, the system first checks if the URL starts with /api/v1/. If it does, the system then verifies whether...
CVE-2025-27643
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...
CVE-2025-27643
CVE-2025-27643 affects Vasion Print (formerly PrinterLogic) prior to Virtual Appliance Host 22.0.933 and Application 20.0.2368. Root cause: a hardcoded AWS API key (V-2024-006) exposed in the product. Impact: potential unauthorized access to AWS credentials, with CVSS 3.1 score of 9.8 (network, l...
PT-2025-9750 · Unknown · Vasion Print
Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) versions prior to Virtual Appliance Host 22.0.933 Application 20.0.2368. Description: The issue concerns a hardcoded AWS API key. Recommendations: For versions prior to Virtual Appliance Host 22.0.933...
Cross-site Scripting (XSS)
Leantime is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from improper input sanitization of the API key name, which allows malicious script injection during API key generation...