4 matches found
CVE-2026-59155
Nezha Monitoring (self-hosted) had a credential exposure flaw prior to version 2.2.5. The GET endpoints /api/v1/ddns and /api/v1/notification returned full resource objects that included plaintext third-party API credentials (Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram ...
GHSA-WW5P-J6CJ-6MQQ Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API
Summary The GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values — withou...
CVE-2023-6289
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...
Exploit for CVE-2023-6289
CVE-2023-6289 Swift Performance Lite = 2.3.6.14 - Missing...