Lucene search
K

8 matches found

CVE
CVE
added 2026/01/14 6:16 p.m.32 views

CVE-2026-23477

Rocket.Chat versions up to 6.12.0 expose the GET /api/v1/oauth-apps.get endpoint to any authenticated user, allowing retrieval of OAuth app details (including client_id and client_secret) if the user knows the ID. This constitutes a disclosure vulnerability with impact on confidentiality. The iss...

7.7CVSS6.1AI score0.00306EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.5 views

SUSE CVE-2015-8960

The TLS protocol 1.2 and earlier supports the rsafixeddh, dssfixeddh, rsafixedecdh, and ecdsafixedecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server...

8.1CVSS6.6AI score0.01947EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/04/05 6:27 p.m.56 views

CVE-2021-24163 Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

8.8AI score0.01439EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/04/05 12:0 a.m.6 views

PT-2021-15709 · WordPress · Sendwp Ninja Forms Contact Form

Name of the Vulnerable Software and Affected Versions: SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress versions prior to 3.4.34 Description: The issue arises from the lack of capability checks and nonce protection in the AJAX action wp ajax ninja forms sendwp remote...

8.8CVSS8.6AI score0.01439EPSS
Exploits2References5
wpexploit
wpexploit
added 2021/02/16 12:0 a.m.170 views

Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP plugin and retrieve the clientsecret key needed to...

0.1AI score0.01439EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/02/16 12:0 a.m.8 views

WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure vulnerability

Authenticated SendWP Plugin Installation and Client Secret Key Disclosure vulnerability found by Chloe Chamberland in WordPress Ninja Forms Contact Form plugin versions = 3.4.33. Solution Update the WordPress Ninja Forms Contact Form plugin to the latest available version at least 3.4.34...

2.4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/16 12:0 a.m.23 views

Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP plugin and retrieve the clientsecret key needed to...

8.8AI score0.01439EPSS
Exploits2References1Affected Software1
Broadcom
Broadcom
added 2018/06/21 12:0 a.m.8 views

BSA-2018-620

Security Advisory ID : BSA-2018-620 Component : TLS Revision : 2.0 The TLS protocol 1.2 and earlier supports the rsafixeddh, dssfixeddh, rsafixedecdh, and ecdsafixedecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations...

8.1CVSS6.6AI score0.01947EPSS
Exploits1
Rows per page
Query Builder