11 matches found
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APP_KEY, database credentials, SMTP/SendGrid API...
Dokans Security Vulnerability
Dokans is an open-source e-commerce platform by AMCoders. Version 3.9.2 of Dokans contains a security vulnerability. This vulnerability arises from directly requesting the .env file via scripts, which may lead to the exposure of sensitive application configuration data. This can result in a...
EUVD-2025-25477
Malicious code in bioql PyPI...
Exploit for CVE-2025-31125
🔐 Vite/Vue JS Exploitation Toolkit...
CVE-2025-57754
eslint-ban-moment is an ESLint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...
CVE-2025-57754 eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak)
eslint-ban-moment is an ESLint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...
PT-2025-34243 · WordPress · Eslint-Ban-Moment
Name of the Vulnerable Software and Affected Versions: eslint-ban-moment versions 3.0.0 and earlier. Description: The eslint-ban-moment plugin exposes a sensitive Supabase URI in the .env file. A valid Supabase URI containing a username and password grants an attacker complete unauthorized access...
CVE-2024-47056
Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to improper server configuration that fails to restrict access to sensitive files. An attacker can view sensitive configuration data, including database...
PT-2017-14623 · Taylor Otwell · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel framework versions prior to 5.5.22. Description: The issue allows remote attackers to obtain sensitive information, such as externally usable passwords, via a direct request for the /.env URI. This is due to the...