20 matches found
EUVD-2024-52815
Malicious code in bioql PyPI...
EUVD-2021-29073
Malicious code in bioql PyPI...
PT-2025-37401
Name of the Vulnerable Software and Affected Versions: One Identity OneLogin versions prior to 2025.3.0. Description: A security issue exists in One Identity OneLogin that allows attackers to potentially steal sensitive OpenID Connect (OIDC) application client secrets. This is possible through a reque...
PT-2025-18266 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Backup & Restore” functionality of the web application allows a remote authenticated low-privileged attacker to access secret information via multiple crafted HTTP...
WordPress plugin Flexmls IDX Plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
CVE-2024-55578
Zammad before 6.4.1 places sensitive data such as auth_microsoft_office365_credentials and application_secret in log files...
CVE-2024-55578
Summary: CVE-2024-55578 affects Zammad prior to 6.4.1, where sensitive data (e.g., auth_microsoft_office365_credentials and application_secret) is written to log files. Affected software: Zammad
Incorrect Authorization
openstack-keystone is vulnerable to Incorrect Authorization. The vulnerability is caused by a flaw where only the first 72 characters of an application secret are verified. This allows attackers to bypass some password complexity which administrators may be counting on, leading to compromising...
SUSE CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2021-42087
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API...
CVE-2021-42087
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API...
Design/Logic Flaw
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API...
CVE-2021-42087
CVE-2021-42087 affects Zammad before 4.1.1, allowing an admin to discover the application secret via the API. Public descriptions in multiple sources corroborate that versions prior to 4.1.1 are vulnerable to secret disclosure and sensitive information exposure through the API. Remediation is to ...
CVE-2021-42087
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API...
Cachet configuration leak
Impact: Authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc.). Patches: This issue was addressed by improving UpdateConfigCommandHandler and...
GHSA-88F9-7XXH-C688 Cachet configuration leak
Impact: Authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc.). Patches: This issue was addressed by improving UpdateConfigCommandHandler and...
CVE-2021-39174
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc.). This issue was...
MGASA-2020-0268 Updated gnutls packages fix security vulnerability
Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application-supplied secret, allowing a MitM attacker...
Timing attack vector for remember me token
The current remember me token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...