Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Positive Technologies
Positive Technologiesadded 2026/05/21 12:0 a.m.6 views

PT-2026-42538

LiteLLM prior to 1.83.14 allows an authenticated internal user to create API keys with access to routes that their role does not permit. When generating a key, the allowed routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00051EPSS
Exploits3References9
ATTACKERKB
ATTACKERKBadded 2026/02/20 11:19 p.m.4 views

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS5.7AI score0.0004EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2025/11/03 9:53 p.m.4 views

CVE-2024-13998 Nagios XI < 2024R1.1.3 API Keys & Hashed Passwords Authenticated Information Disclosure

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...

6CVSS0.01622EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/31 12:30 a.m.3 views

EUVD-2025-37214

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value...

7.1CVSS6.2AI score0.01622EPSS
Exploits0References4
NVD
NVDadded 2025/10/30 10:15 p.m.1 views

CVE-2024-13995

Nagios XI versions prior to 2024R1.1.2 may confirmed in 2024R1.1 and 2024R1.1.1 disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account...

8.8CVSS0.02219EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/01/11 12:0 a.m.2 views

Palo Alto Networks Expedition 安全漏洞

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could gain access to Expedition database contents such...

9.2CVSS9.1AI score0.00618EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2023/11/22 12:0 a.m.2 views

PT-2023-12331 · Unknown · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet-Server affected versions not specified Description: An issue was found with how API keys are created with the Fleet-Server service account, allowing a compromised Fleet-Server service account to potentially escalate themselves to a...

8.8CVSS8.6AI score0.00265EPSS
Exploits0References9
Rows per page
Query Builder