Lucene search
K

44 matches found

Nuclei
Nuclei
added yesterday12 views

EyesOfNetwork - Hardcoded API Key & SQL Injection

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/apifunctions.php. id: CVE-2020-8656 info: name:...

9.8CVSS7AI score0.846EPSS
Exploits8References3
NVD
NVD
added 2026/05/21 6:16 p.m.20 views

CVE-2026-48245

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...

6.9CVSS0.00224EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:11 p.m.9 views

CVE-2026-48243

Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can extract the key and use it to make third-party API calls billed to or rate-limited against the origin...

6.9CVSS5.8AI score0.00224EPSS
Exploits0References4
OSV
OSV
added 2026/05/21 2:34 p.m.9 views

MAL-2026-4380 Malicious code in @dekuzxc/nexca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/21 1:32 a.m.15 views

MAL-2026-4558 Malicious code in fastgrc-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/19 9:37 p.m.16 views

MAL-2026-4748 Malicious code in eplang (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21 The package ships epl/.aiconfig.json containing a hardcoded Groq API key with provider set to 'groq'. On any AI-related CLI invocation epl ai, epl ge...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/05/19 7:49 p.m.14 views

MAL-2026-4743 Malicious code in buddyme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f4ae4b8c00d27e82d54a5d2d960b1dc4f40ba15bc938355bad8421c338d6ef6 buddyme advertises a CLI agent. When installed and run, the default REPL routes every prompt the user types to third-party LLM providers Zhipu GLM at...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.8 views

CVE-2020-7999

The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOADAPIKEY and FILEDOWNLOADAPIKEY...

9.8CVSS7.1AI score0.01253EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/12/16 10:35 p.m.10 views

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

8.3CVSS7.2AI score0.00291EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-28912

Malware in sbrugna...

9.8CVSS9.2AI score0.01253EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-31222

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01151EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6075

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00832EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-27232

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00603EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-16445

Malicious code in bioql PyPI...

6.9CVSS6.5AI score0.00478EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-16164

Malicious code in bioql PyPI...

8.6CVSS8.9AI score0.00789EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2025/06/01 4:35 a.m.9 views

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

6.9CVSS6.8AI score0.00478EPSS
Exploits0References1
NVD
NVD
added 2025/05/30 4:15 a.m.29 views

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

6.9CVSS0.00478EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/05/30 12:0 a.m.21 views

PT-2025-23241 · Unknown · Project Ai

Name of the Vulnerable Software and Affected Versions: Project AI versions prior to pre-beta Description: The issue concerns a hardcoded API key present in the source code of Project AI, a platform for creating AI agents. This problem has been resolved in the pre-beta version. Recommendations: Fo...

6.9CVSS6.5AI score0.00478EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.7 views

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

7.5CVSS6.8AI score0.00603EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.8 views

CVE-2020-35137

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work aka com.mobileiron. The key is in com/mobileiron/registration/RegisterActivity.java and can be used for...

7.5CVSS6.6AI score0.01556EPSS
Exploits1
Rows per page
Query Builder