143 matches found
LiteLLM 代码问题漏洞
LiteLLM is an open source application from LiteLLM. All LLM APIs can be called using the OpenAI format. A code issue vulnerability exists in LiteLLM version 1.38.10, which stems from vulnerability to a server-side request forgery attack, where a user can specify parameters when sending a request,...
Elasticsearch 8.14.0 Security Update (ESA-2024-13)
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions ESA-2024-13 It was identified that if a cross-cluster API key restricts search for a given index using the query or the fieldsecurity parameter, and the same cross-cluster API key also grants replication for the...
PT-2024-24245 · Rapid7 · Rapid7 Platform
Name of the Vulnerable Software and Affected Versions: Rapid7 Platform affected versions not specified Description: A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access t...
Tolgee 安全漏洞
Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee version v3.57.2, which stems from a vulnerability that allows an...
Laravel Framework < 5.5.41 / 5.6.x < 5.6.30 RCE
The version of Laravel Framework installed of the remote host is prior to 5.5.41 or 5.6.x prior to 5.6.30. It is, therefore, affected by a remote code execution vulnerability due to an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in...
codeium-chrome security vulnerability
codeium-chrome is an open source code completion plugin for the Chrome web browser. A security vulnerability exists in Chrome plugin codeium-chrome version v1.2.52, which stems from Service Worker not checking the sender when receiving an external message, allowing an attacker to host a website a...
CVE-2024-23453
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service...
Google Sheets data source plugin - API key leaks in error messages
The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerabilit...
Tolgee 安全漏洞
Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee versions 3.14.0 through 3.23.1 that stems from the fact that when a...
PT-2023-20659 · Cerebrate · Cerebrate
Name of the Vulnerable Software and Affected Versions: Cerebrate version 1.12 Description: The issue arises from the improper consideration of organisation id during the creation of API keys. This could potentially lead to unauthorized access or misuse of API keys. Recommendations: For Cerebrate...
SUSE CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
IBM App Connect Enterprise 加密问题漏洞
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...
WordPress plugin ContentStudio 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Zyxel CloudCNM SecuManager 安全漏洞
Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...
CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...
PYSEC-2022-43186
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...
CVE-2022-30290
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...
PYSEC-2022-43186
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...
CVE-2022-23072
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting XSS, in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an X...
Laravel Framework RCE Vulnerability
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...