
1879 matches found

RedhatCVE
added 2025/03/07 2:38 a.m. · 16 views

CVE-2025-27643

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...

CVSS 9.8 · AI score 7.1 · EPSS 0.00832
Exploits: 1 · References: 1

NVD
added 2025/03/05 6:15 a.m. · 32 views

CVE-2025-27643

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...

CVSS 9.8 · EPSS 0.00832
Exploits: 1 · References: 3

Vulnrichment
added 2025/03/05 12:0 a.m. · 5 views

CVE-2025-27643

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...

AI score 7.2 · EPSS 0.00832
Exploits: 1 · References: 2

CVE
added 2025/03/05 12:0 a.m. · 88 views

CVE-2025-27643

CVE-2025-27643 affects Vasion Print (formerly PrinterLogic) prior to Virtual Appliance Host 22.0.933 and Application 20.0.2368. Root cause: a hardcoded AWS API key (V-2024-006) exposed in the product. Impact: potential unauthorized access to AWS credentials, with CVSS 3.1 score of 9.8 (network, l...

CVSS 9.8 · AI score 7.2 · EPSS 0.00832
Exploits: 1 · References: 3 · Affected Software: 2

Positive Technologies
added 2025/03/05 12:0 a.m. · 3 views

PT-2025-9750 · Unknown · Vasion Print

Name of the Vulnerable Software and Affected Versions: Vasion Print formerly PrinterLogic versions prior to Virtual Appliance Host 22.0.933 Application 20.0.2368 Description: The issue concerns a hardcoded AWS API key. Recommendations: For versions prior to Virtual Appliance Host 22.0.933...

CVSS 9.8 · AI score 9.2 · EPSS 0.00832
Exploits: 1 · References: 6

Cvelist
added 2025/03/05 12:0 a.m. · 33 views

CVE-2025-27643

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...

EPSS 0.00832
Exploits: 1 · References: 2

Veracode
added 2025/02/28 9:12 a.m. · 4 views

Cross-site Scripting (XSS)

Leantime is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization of the API key name, allowing malicious script injection during API key generation...

AI score 6.9
Exploits: 0

OSV
added 2025/02/28 5:15 a.m. · 4 views

CVE-2025-0801

The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API...

CVSS 4.3 · AI score 7.2 · EPSS 0.00172
Exploits: 0 · References: 3

CVE
added 2025/02/28 4:21 a.m. · 105 views

CVE-2025-0801

CVE-2025-0801 – RateMyAgent Official WordPress plugin CSRF. Affected software: RateMyAgent Official plugin for WordPress (all versions up to and including 1.4.0). Root cause: Missing or incorrect nonce validation on the rma-settings-wizard, enabling Cross-Site Request Forgery. Impact: Unauthenticate...

CVSS 4.3 · AI score 4.3 · EPSS 0.00172
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2025/02/28 4:21 a.m. · 17 views

CVE-2025-0801 RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update

The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API...

CVSS 4.3 · EPSS 0.00172
Exploits: 0 · References: 3

Vulnrichment
added 2025/02/28 4:21 a.m. · 7 views

CVE-2025-0801 RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update

The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API...

CVSS 4.3 · AI score 4.3 · EPSS 0.00172
Exploits: 0 · References: 3

Positive Technologies
added 2025/02/28 12:0 a.m. · 6 views

PT-2025-9054 · WordPress · Ratemyagent Official

Name of the Vulnerable Software and Affected Versions: RateMyAgent Official plugin for WordPress versions up to and including 1.4.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This allows unauthenticate...

CVSS 4.3 · AI score 9.3 · EPSS 0.00172
Exploits: 0 · References: 9

Hacker One
added 2025/02/27 6:43 p.m. · 1686 views

AWS VDP: Sensitive API Key Leakage

Vulnerability: AWS Sensitive Keys Leakage. Details: the AWS Access Key & Secret Key is leaked in a Public GitHub Repository located at: █████████ Steps To Reproduce: Go to: ██████ In the middle of this file you can see the Keys. Please see the attached screenshot also...

AI score 6.9
Exploits: 0

Positive Technologies
added 2025/02/25 12:0 a.m. · 5 views

PT-2025-7820 · WordPress · Enfold

Name of the Vulnerable Software and Affected Versions: Enfold theme for WordPress versions up to, and including, 6.0.9 Description: The issue allows unauthorized access to data due to a missing capability check in the avia-export-class.php file. This enables unauthenticated attackers to export al...

CVSS 5.3 · AI score 9.4 · EPSS 0.00307
Exploits: 0 · References: 9

OSV
added 2025/02/21 10:48 p.m. · 5 views

GHSA-C39W-3PJX-QC7M Leantime allows Stored Cross-Site Scripting (XSS)

Description: Leantime allows stored cross-site scripting (XSS) in the API key name while generating the API key. Impact: Any low privileged user like manager, or editor, can create an API key with XSS payload. When admin will visit the Company page, the XSS will automatically get triggered leading t...

CVSS 7.6 · AI score 5.2
Exploits: 0 · References: 2

Github Security Blog
added 2025/02/21 10:48 p.m. · 32 views

Leantime allows Stored Cross-Site Scripting (XSS)

Description: Leantime allows stored cross-site scripting (XSS) in the API key name while generating the API key. Impact: Any low privileged user like manager, or editor, can create an API key with XSS payload. When admin will visit the Company page, the XSS will automatically get triggered leading t...

AI score 5.2
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/02/20 3:15 p.m. · 3 views

CVE-2023-51315

PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seatname, pluginsmsapikey, pluginsmscountrycode, title, name" parameters...

CVSS 5.4 · AI score 5.8 · EPSS 0.00314
Exploits: 2 · References: 3

OSV
added 2025/02/19 9:15 p.m. · 3 views

CVE-2023-51300

PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey" parameters...

CVSS 6.1 · AI score 5.8 · EPSS 0.0035
Exploits: 2 · References: 3

Positive Technologies
added 2025/02/19 12:0 a.m. · 4 views

PT-2025-7288 · Phpjabbers · Phpjabbers Event Ticketing System

Name of the Vulnerable Software and Affected Versions: PHPJabbers Event Ticketing System version 1.0 Description: The PHPJabbers Event Ticketing System is vulnerable to multiple HTML injections in the parameters lid, name, plugin sms api key, plugin sms country code, and title. This issue allows...

CVSS 6.1 · AI score 7.2 · EPSS 0.00425
Exploits: 2 · References: 7

SUSE CVE
added 2025/02/14 5:27 a.m. · 2 views

SUSE CVE-2024-23445

It was identified that if a cross-cluster API key (https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body) restricts search for a given index using the query or the field_security parameter, an...

CVSS 6.5 · AI score 6.6 · EPSS 0.00456
Exploits: 0 · References: 3