Lucene search
+L

143 matches found

CNNVD
CNNVD
added 2024/09/13 12:0 a.m.46 views

LiteLLM 代码问题漏洞

LiteLLM is an open source application from LiteLLM. All LLM APIs can be called using the OpenAI format. A code issue vulnerability exists in LiteLLM version 1.38.10, which stems from vulnerability to a server-side request forgery attack, where a user can specify parameters when sending a request,...

7.5CVSS7.8AI score0.37197EPSS
Exploits1References3
Elastic
Elastic
added 2024/06/06 3:32 a.m.11 views

Elasticsearch 8.14.0 Security Update (ESA-2024-13)

Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions ESA-2024-13 It was identified that if a cross-cluster API key restricts search for a given index using the query or the fieldsecurity parameter, and the same cross-cluster API key also grants replication for the...

6.5CVSS6.9AI score0.00456EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.6 views

PT-2024-24245 · Rapid7 · Rapid7 Platform

Name of the Vulnerable Software and Affected Versions: Rapid7 Platform affected versions not specified Description: A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access t...

6.8CVSS6.7AI score0.00172EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.5 views

Tolgee 安全漏洞

Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee version v3.57.2, which stems from a vulnerability that allows an...

6.5CVSS6.8AI score0.00556EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/04/15 12:0 a.m.158 views

Laravel Framework < 5.5.41 / 5.6.x < 5.6.30 RCE

The version of Laravel Framework installed of the remote host is prior to 5.5.41 or 5.6.x prior to 5.6.30. It is, therefore, affected by a remote code execution vulnerability due to an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in...

8.1CVSS8.8AI score0.76814EPSS
Exploits11References2
CNNVD
CNNVD
added 2024/03/11 12:0 a.m.6 views

codeium-chrome security vulnerability

codeium-chrome is an open source code completion plugin for the Chrome web browser. A security vulnerability exists in Chrome plugin codeium-chrome version v1.2.52, which stems from Service Worker not checking the sender when receiving an external message, allowing an attacker to host a website a...

7.5CVSS6.9AI score0.00647EPSS
Exploits1References3
OSV
OSV
added 2024/01/24 12:15 a.m.6 views

CVE-2024-23453

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service...

5.5CVSS5.7AI score0.00163EPSS
Exploits0References3
Grafana
Grafana
added 2023/09/19 12:0 a.m.12 views

Google Sheets data source plugin - API key leaks in error messages

The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerabilit...

7.5CVSS7.2AI score0.00389EPSS
Exploits0
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.5 views

Tolgee 安全漏洞

Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee versions 3.14.0 through 3.23.1 that stems from the fact that when a...

8.1CVSS7.7AI score0.00486EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/02/23 12:0 a.m.7 views

PT-2023-20659 · Cerebrate · Cerebrate

Name of the Vulnerable Software and Affected Versions: Cerebrate version 1.12 Description: The issue arises from the improper consideration of organisation id during the creation of API keys. This could potentially lead to unauthorized access or misuse of API keys. Recommendations: For Cerebrate...

9.1CVSS9AI score0.00632EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.5 views

SUSE CVE-2017-1000114

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

4.3CVSS4.1AI score0.01038EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.6 views

IBM App Connect Enterprise 加密问题漏洞

IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...

6.5CVSS6.4AI score0.00358EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/27 12:0 a.m.6 views

WordPress plugin ContentStudio 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

9.8CVSS8.5AI score0.00877EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.7 views

Zyxel CloudCNM SecuManager 安全漏洞

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...

5.3CVSS5.7AI score0.00572EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/08/05 3:8 p.m.4 views

CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

6.3CVSS8AI score0.00309EPSS
Exploits0References2
PyPA
PyPA
added 2022/07/05 1:15 p.m.9 views

PYSEC-2022-43186

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...

7.5CVSS7AI score0.00912EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/05 1:15 p.m.6 views

CVE-2022-30290

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...

7.5CVSS7AI score0.00912EPSS
Exploits0References3
OSV
OSV
added 2022/07/05 1:15 p.m.8 views

PYSEC-2022-43186

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...

7.5CVSS7AI score0.00912EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/21 8:15 a.m.9 views

CVE-2022-23072

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting XSS, in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an X...

3.5CVSS5.8AI score0.0081EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.277 views

Laravel Framework RCE Vulnerability

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.1CVSS7.7AI score0.76814EPSS
Exploits11References6Affected Software1
Rows per page
Query Builder