
7 matches found

Github Security Blog
added 2026/04/16 10:49 p.m., 4 views

Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise

Summary The GET, POST, and DELETE handlers under /agents/:id/keys in the Paperclip control-plane API only call assertBoardreq, which verifies that the caller has a board-type session but does not verify that the caller has access to the company owning the target agent. A board user whose membersh...

AI score: 5.9
Exploits: 0, References: 2, Affected software: 1
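The gap described in the Paperclip entry is a missing object-level check: the route proves the caller holds a board session but never ties the target agent's company to the caller's memberships. The following is an added example written for this page, not Paperclip's code; `Request`, `assert_board`, `assert_company_access`, `AuthzError` and the in-memory `AGENTS`/`MEMBERSHIPS` tables are hypothetical names over constructed data. It shows the vulnerable handler beside the hardened GET and DELETE handlers.

```python
"""Object-level authorization on an agent-key route: the gap beside the fix.

Added example, not Paperclip's code. Request, assert_board, assert_company_access,
AGENTS, MEMBERSHIPS and AuthzError are hypothetical names; the data is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


class AuthzError(Exception):
    """Raised when a request fails an authorization check."""


@dataclass
class Request:
    session_type: str   # "board" for a board-user session
    user_id: str
    agent_id: str       # the :id path parameter
    key_id: str = ""    # set for DELETE


# Constructed data: two companies, one agent and one board user each.
AGENTS: Dict[str, dict] = {
    "agent-a": {"company_id": "company-a", "keys": ["ka-1", "ka-2"]},
    "agent-b": {"company_id": "company-b", "keys": ["kb-1"]},
}
MEMBERSHIPS: Dict[str, Set[str]] = {
    "user-a": {"company-a"},
    "user-b": {"company-b"},
}


def assert_board(req: Request) -> None:
    """Session-type check: proves the caller is *some* board user, not which company."""
    if req.session_type != "board":
        raise AuthzError("board session required")


def assert_company_access(req: Request, agent_id: str) -> dict:
    """Object-level check: the agent's owning company must be one the caller belongs to.

    Unknown and foreign agents raise the same error so agent ids cannot be enumerated.
    """
    agent = AGENTS.get(agent_id)
    if agent is None or agent["company_id"] not in MEMBERSHIPS.get(req.user_id, set()):
        raise AuthzError("agent not found")
    return agent


def list_keys_vulnerable(req: Request) -> List[str]:
    """Mirrors the flaw: only the session type is checked, so any board user reads any agent's keys."""
    assert_board(req)
    return list(AGENTS[req.agent_id]["keys"])


def list_keys_fixed(req: Request) -> List[str]:
    """GET: session check followed by the ownership check."""
    assert_board(req)
    return list(assert_company_access(req, req.agent_id)["keys"])


def delete_key_fixed(req: Request) -> List[str]:
    """DELETE: same two checks, then remove the key; returns the remaining keys."""
    assert_board(req)
    agent = assert_company_access(req, req.agent_id)
    if req.key_id not in agent["keys"]:
        raise AuthzError("key not found")
    agent["keys"].remove(req.key_id)
    return list(agent["keys"])


if __name__ == "__main__":
    cross_tenant = Request("board", "user-b", "agent-a")
    print(list_keys_vulnerable(cross_tenant))   # user-b reads company-a's keys
    try:
        list_keys_fixed(cross_tenant)
    except AuthzError as exc:
        print("fixed route:", exc)
```

The ownership check runs on every verb that takes an `:id`, including DELETE, and returns the same "not found" for foreign and nonexistent agents so the response does not reveal which ids exist in other tenants.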
Snyk
added 2025/12/10 6:30 p.m., 3 views

Cleartext Storage of Sensitive Information

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the storage of build authorization tokens in plain text within config.xml files. An attacker can gain unauthorized acces...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00076
Exploits: 0, References: 2
RedhatCVE
added 2025/09/07 5:33 a.m., 6 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

CVSS: 6.8, AI score: 6.6, EPSS: 0.00013
Exploits: 0, References: 1
OSV
added 2025/09/05 5:15 a.m., 1 view

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

CVSS: 5.1, AI score: 6.8
Exploits: 0, References: 2
Vulnrichment
added 2025/09/05 4:28 a.m., 3 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

CVSS: 6.8, AI score: 6.6, EPSS: 0.00013
Exploits: 0, References: 2
Snyk
added 2025/07/09 4:49 p.m., 2 views

Cleartext Storage of Sensitive Information

Overview org.jenkins-ci.plugins:aqua-security-scanner is a Jenkins plugin for calling the Aqua API to scan a Docker image. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the storage of Scanner Tokens for Aqua API in config.xml files on the...

CVSS: 6.8, AI score: 6.9, EPSS: 0.0013
Exploits: 0, References: 2
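Both Jenkins entries above (jenkins-core build authorization tokens and the aqua-security-scanner plugin's scanner tokens) share the same root cause: a credential kept as a plain string field, which Jenkins then serialises verbatim into config.xml. The following is an added example written for this page, not Jenkins, Snyk or either project's code: a checker that walks a config.xml and reports credential-like fields by whether they are empty, stored in the brace-wrapped base64 shape that Jenkins uses for `Secret`-encrypted values, or in cleartext. The sample XML is constructed, and the element-name pattern and the encrypted-value shape are this checker's assumptions, not a complete rule.

```python
"""Find credential-like fields that a Jenkins-style config.xml stores in cleartext.

Added example, not Jenkins or Snyk code. The sample XML is constructed. Assumptions:
a field is "credential-like" if its element name matches SENSITIVE_NAME, and a value
of the shape "{<base64>}" is taken to be a Jenkins Secret-encrypted value; anything
else non-empty is reported as cleartext.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

SENSITIVE_NAME = re.compile(r"token|secret|password|passphrase|apikey|api_key", re.IGNORECASE)
# Assumed shape of a Secret-encrypted value in config.xml: base64 wrapped in braces.
ENCRYPTED_SHAPE = re.compile(r"^\{[A-Za-z0-9+/]+=*\}$")

# Constructed config.xml: one plain-string token, one Secret-stored token, one empty field.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8"?>
<project>
  <properties>
    <authToken>build-token-in-the-clear</authToken>
  </properties>
  <builders>
    <scanner>
      <scannerToken>{AQAAABAAAAAgY29uc3RydWN0ZWQtbm90LWEtcmVhbC12YWx1ZQ==}</scannerToken>
      <apiUrl>https://scanner.example.internal</apiUrl>
      <password></password>
    </scanner>
  </builders>
</project>
"""


def classify(value: str) -> str:
    """Return 'empty', 'encrypted' or 'cleartext' for one field value."""
    text = value.strip()
    if not text:
        return "empty"
    if ENCRYPTED_SHAPE.match(text):
        return "encrypted"
    return "cleartext"


def audit_config(xml_text: str) -> Dict[str, str]:
    """Map each credential-like element (by path) to its classification.

    Only classifications are returned, never the values themselves, so the
    report can be shared without leaking the secrets it flags.
    """
    root = ET.fromstring(xml_text)
    report: Dict[str, str] = {}

    def walk(elem: ET.Element, path: str) -> None:
        here = f"{path}/{elem.tag}" if path else elem.tag
        if SENSITIVE_NAME.search(elem.tag):
            report[here] = classify(elem.text or "")
        for child in elem:
            walk(child, here)

    walk(root, "")
    return report


def cleartext_fields(xml_text: str) -> List[str]:
    """Paths of fields that need moving to Secret (or an equivalent encrypted type)."""
    return sorted(path for path, status in audit_config(xml_text).items() if status == "cleartext")


if __name__ == "__main__":
    for path, status in audit_config(SAMPLE_CONFIG_XML).items():
        print(f"{status:10} {path}")
```

Run it over `$JENKINS_HOME/jobs/*/config.xml` and the plugin descriptor files under `$JENKINS_HOME`; a non-empty `cleartext_fields` result is the condition both advisories describe, and the fix on the plugin side is to declare the field with an encrypted type rather than `String`.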
Packet Storm
added 2013/08/02 12:00 a.m., 55 views

Karotz Smart Rabbit 12.07.19.00 Hijacking / Cleartext Token

Trustwave SpiderLabs Security Advisory TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit Published: 08/01/13 Version: 1.0 Vendor: Electronic Arts http://www.ea.com/, formerly Mindscape, formerly Violet Product: Karotz Version affected: 12.07.19.00 Product description: Karotz is the...

AI score: 0.2, EPSS: 0.22154
Exploits: 6