Lucene search

21 matches found

Github Security Blog
added 2026/05/21 9:30 p.m. · 4 views

LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

CVSS 8.8 · AI score 6.1 · EPSS 0.00739
Exploits 3 · References 10 · Affected Software 1
Positive Technologies
added 2026/03/05 12:00 a.m. · 7 views

PT-2026-23605

Name of the Vulnerable Software and Affected Versions: Gokapi versions prior to 2.2.3. Description: Gokapi is a self-hosted file sharing server that includes automatic expiration and encryption support. A flaw in the user rank demotion logic allows a demoted user's existing API keys to retain...

CVSS 9.9 · AI score 5.8 · EPSS 0.22162
Exploits 68 · References 139
CNNVD
added 2026/02/21 12:00 a.m. · 10 views

GetSimple CMS information disclosure vulnerability

GetSimple CMS is an open-source content management system developed by GetSimple CMS. GetSimple CMS has a vulnerability related to information leakage. This vulnerability stems from the reliance on .htaccess files to restrict access to sensitive directories. When Apache AllowOverride is disabled,...

CVSS 8.7 · AI score 5.8 · EPSS 0.00412
Exploits 1 · References 1
ATTACKERKB
added 2026/02/20 11:19 p.m. · 5 views

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently...

CVSS 8.7 · AI score 5.7 · EPSS 0.00412
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2026/02/20 12:00 a.m. · 4 views

PT-2026-21325

Name of the Vulnerable Software and Affected Versions: GetSimple CMS, affected versions not specified. Description: GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache...

CVSS 8.7 · AI score 5.3 · EPSS 0.00412
Exploits 1 · References 10
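The three GetSimple CMS entries above turn on a single Apache behaviour: a .htaccess file is only read when the governing `<Directory>` block permits overrides, and Apache 2.4 defaults to `AllowOverride None`, so deny rules dropped into /data/ or /backups/ can be skipped without any error in the log. The script below is an added example written for this listing (it is not GetSimple CMS or Apache code): it parses the main Apache configuration text, resolves the most specific `<Directory>` block for a filesystem path (longest matching prefix wins, unset values inherit from the parent), and lists which .htaccess protections would never be read. It assumes absolute, wildcard-free `<Directory>` paths and no `<DirectoryMatch>`; the httpd.conf excerpt and the .htaccess paths are constructed sample input.

```python
"""Added example: find .htaccess protections that Apache will silently ignore.

Illustrative code for this listing, not part of GetSimple CMS or Apache. Assumptions:
absolute, wildcard-free <Directory> paths, no <DirectoryMatch>, and Apache 2.4's
default of AllowOverride None when no enclosing block sets it.
"""
import re
from pathlib import PurePosixPath

DIRECTORY_BLOCK = re.compile(r'<Directory\s+"?([^">\s]+)"?\s*>(.*?)</Directory>', re.I | re.S)
ALLOW_OVERRIDE = re.compile(r"^\s*AllowOverride\s+(.+?)\s*$", re.I | re.M)

# Constructed sample configuration; not taken from any real host.
SAMPLE_HTTPD_CONF = """
<Directory />
    AllowOverride None
    Require all denied
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html/admin">
    AllowOverride AuthConfig Limit
</Directory>
"""


def parse_overrides(config_text):
    """Map each <Directory> path to its AllowOverride setting (None when the block leaves it unset)."""
    overrides = {}
    for path, body in DIRECTORY_BLOCK.findall(config_text):
        match = ALLOW_OVERRIDE.search(body)
        overrides[PurePosixPath(path)] = match.group(1).lower() if match else None
    return overrides


def effective_override(overrides, path):
    """Walk from the most specific enclosing block outwards until an explicit setting appears."""
    target = PurePosixPath(path)
    enclosing = [d for d in overrides if d == target or d in target.parents]
    for directory in sorted(enclosing, key=lambda d: len(d.parts), reverse=True):
        if overrides[directory] is not None:
            return overrides[directory]
    return "none"  # Apache 2.4 default when nothing sets it


def htaccess_honoured(config_text, directory):
    """True if Apache will read a .htaccess file in `directory` at all.

    With AllowOverride None the file is never opened, so deny rules in it do nothing;
    with any other value Apache reads it and rejects disallowed directives loudly (HTTP 500).
    """
    return effective_override(parse_overrides(config_text), directory) != "none"


def ignored_protections(config_text, htaccess_paths):
    """Return the .htaccess files whose rules Apache will never see."""
    overrides = parse_overrides(config_text)
    return [
        p for p in htaccess_paths
        if effective_override(overrides, PurePosixPath(p).parent) == "none"
    ]


if __name__ == "__main__":
    cms_protections = [
        "/var/www/html/data/.htaccess",
        "/var/www/html/backups/.htaccess",
        "/var/www/html/admin/.htaccess",
    ]
    for ignored in ignored_protections(SAMPLE_HTTPD_CONF, cms_protections):
        print("IGNORED:", ignored)
```

Run it against the real httpd.conf (this parser does not follow `Include` directives, so concatenate conf.d fragments first) and the paths of the CMS's own .htaccess files. Any path it reports should have its protection moved into the server configuration as a `<Directory>` block with `Require all denied`, which does not depend on overrides at all.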
Positive Technologies
added 2026/02/19 12:00 a.m. · 17 views

PT-2026-42538

Name of the Vulnerable Software and Affected Versions: LiteLLM versions prior to 1.83.14. Description: An authenticated internal user can create API keys with access to routes not permitted by their role. This occurs because the allowed routes field is stored during key generation without verifying ...

CVSS 9 · AI score 5.2 · EPSS 0.00739
Exploits 3 · References 24
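Both LiteLLM entries (the Github Security Blog card and PT-2026-42538) describe the same missing check: a key's allowed routes are persisted as requested, so a key can carry more than its creator holds. The code below is an added example for this listing, not LiteLLM's implementation. It places the flawed generator beside a hardened one that rejects any route the caller's role does not grant, and a request-time check that shows why the stored field matters. The role names, the route table, the in-memory store and the rule that an empty request inherits the caller's own set are all assumptions.

```python
"""Added example: a generated key's allowed routes must be a subset of the caller's.

Illustrative code for this listing; not LiteLLM's implementation. Role names, the
route table, the store and the empty-request semantics are assumptions.
"""
import secrets
from dataclasses import dataclass, field

# Assumed role -> permitted routes (hypothetical; not LiteLLM's real route list).
ROLE_ROUTES = {
    "proxy_admin": frozenset({"/chat/completions", "/key/generate", "/key/info", "/key/delete", "/user/new"}),
    "internal_user": frozenset({"/chat/completions", "/key/generate", "/key/info"}),
}


@dataclass
class ApiKey:
    owner: str
    allowed_routes: frozenset


@dataclass
class KeyStore:
    keys: dict = field(default_factory=dict)  # token -> ApiKey


def _new_token():
    return "sk-" + secrets.token_urlsafe(24)


def generate_key_vulnerable(store, caller_id, caller_role, allowed_routes):
    """Flawed pattern from the advisory: requested routes are stored verbatim."""
    token = _new_token()
    store.keys[token] = ApiKey(caller_id, frozenset(allowed_routes))
    return token


def generate_key_hardened(store, caller_id, caller_role, allowed_routes):
    """Refuse any requested route the caller's own role does not grant.

    An empty request inherits the caller's permitted set (assumed semantics);
    it must never be interpreted as "unrestricted".
    """
    permitted = ROLE_ROUTES.get(caller_role)
    if not permitted:
        raise PermissionError(f"unknown or route-less role {caller_role!r}")
    requested = frozenset(allowed_routes) or permitted
    excess = requested - permitted
    if excess:
        raise PermissionError(f"role {caller_role!r} cannot delegate {sorted(excess)}")
    token = _new_token()
    store.keys[token] = ApiKey(caller_id, requested)
    return token


def authorize(store, token, route):
    """Request-time check: the key exists and the route is within its allowed set."""
    key = store.keys.get(token)
    return key is not None and route in key.allowed_routes


def demo():
    """Escalation succeeds with the flawed generator and is refused by the hardened one."""
    store = KeyStore()
    vuln = generate_key_vulnerable(store, "u1", "internal_user", ["/user/new"])
    escalated = authorize(store, vuln, "/user/new")  # internal_user minted an admin-only key
    try:
        generate_key_hardened(store, "u1", "internal_user", ["/user/new"])
        rejected = False
    except PermissionError:
        rejected = True
    return escalated, rejected


if __name__ == "__main__":
    print(demo())
```

The subset check belongs in the key-generation handler, not only in the request-time check: once an over-privileged key exists, every consumer of `allowed_routes` has to know that the field may lie.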
Snyk
added 2026/01/11 11:00 p.m. · 4 views

Malicious Package

Overview: n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt is a malicious package. It leverages n8n workflow automation, disguised as an n8n community node, to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation: Avoid using all malicious instances of...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 2
Cvelist
added 2025/11/03 9:53 p.m. · 10 views

CVE-2024-13998 Nagios XI < 2024R1.1.3 API Keys & Hashed Passwords Authenticated Information Disclosure

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...

CVSS 6 · EPSS 0.00949
Exploits 0 · References 3
EUVD
added 2025/10/31 12:30 a.m. · 5 views

EUVD-2025-37214

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value...

CVSS 7.1 · AI score 6.2 · EPSS 0.00949
Exploits 0 · References 4
NVD
added 2025/10/30 10:15 p.m. · 3 views

CVE-2024-13995

Nagios XI versions prior to 2024R1.1.2 (confirmed in 2024R1.1 and 2024R1.1.1) may disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account...

CVSS 8.8 · EPSS 0.01187
Exploits 0 · References 3
Positive Technologies
added 2025/10/30 12:00 a.m. · 6 views

PT-2025-44521

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.4.2. Description: Nagios XI versions prior to 2024R1.4.2 had a flaw where API keys were exposed to users lacking the necessary API access permissions when utilizing Neptune themes. An authenticated user, even...

CVSS 7.1 · AI score 6.5 · EPSS 0.00949
Exploits 0 · References 7
RedhatCVE
added 2025/08/14 9:13 p.m. · 12 views

CVE-2025-55165

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

CVSS 8.2 · AI score 7 · EPSS 0.00177
Exploits 0 · References 1
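The Autocaliweb entry describes the classic debug-bundle leak: a generic serialiser walks every attribute of the configuration object, so API keys end up in an artifact that is routinely attached to bug reports. The code below is an added example written for this listing, not Autocaliweb's code. It shows the leaky dump next to two safer variants: a denylist that recursively masks values by field name or token shape, and the stronger allowlist that only ever emits fields known to be safe. The field names, the serialiser shapes, the secret-name pattern and the assumed token prefixes are all illustrative.

```python
"""Added example: keeping secrets out of a debug bundle's configuration dump.

Illustrative code for this listing, not Autocaliweb's own. Field names, the
serialiser shapes and the redaction rules are assumptions.
"""
import re
from dataclasses import asdict, dataclass

# Over-matching on names (e.g. "keyboard") is the safe failure mode for a debug dump.
SECRET_NAME = re.compile(r"(key|secret|token|password|passwd|pwd)", re.I)
# Assumed token prefixes; a second net for secrets stored under innocent-looking names.
TOKEN_SHAPE = re.compile(r"^(?:sk-|ghp_|AKIA)[A-Za-z0-9_\-]{16,}$")
# Explicit allowlist of fields that may appear in a debug pack (assumed).
DEBUG_SAFE_FIELDS = {"instance_name", "db_path", "log_level"}


@dataclass
class Config:
    instance_name: str
    db_path: str
    log_level: str
    goodreads_api_key: str
    smtp_password: str
    ldap_bind_dn: str


def to_dict_leaky(cfg):
    """Pattern described in the advisory: every attribute is serialised verbatim."""
    return asdict(cfg)


def redact(obj):
    """Recursively copy obj, masking values whose key name or value shape looks secret."""
    if isinstance(obj, dict):
        return {
            k: "[REDACTED]" if SECRET_NAME.search(str(k)) else redact(v)
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    if isinstance(obj, str) and TOKEN_SHAPE.match(obj):
        return "[REDACTED]"
    return obj


def to_dict_debug(cfg):
    """Denylist variant: dump everything, then mask whatever looks sensitive."""
    return redact(asdict(cfg))


def to_dict_allowlisted(cfg):
    """Allowlist variant: a field reaches the bundle only if someone declared it safe."""
    return {k: v for k, v in asdict(cfg).items() if k in DEBUG_SAFE_FIELDS}


if __name__ == "__main__":
    # Constructed sample values; not real credentials.
    cfg = Config("library", "/data/metadata.db", "INFO", "abc123goodreads", "hunter2", "cn=svc,dc=example,dc=org")
    print(to_dict_leaky(cfg))
    print(to_dict_debug(cfg))
    print(to_dict_allowlisted(cfg))
```

Prefer the allowlist for anything users are told to upload: a denylist has to anticipate every name a secret might hide under, while an allowlist fails closed when a new setting is added.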
CNNVD
added 2025/01/11 12:00 a.m. · 4 views

Palo Alto Networks Expedition security vulnerability

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could gain access to Expedition database contents such...

CVSS 9.2 · AI score 9.1 · EPSS 0.00596
Exploits 0 · References 1
CNNVD
added 2024/09/22 12:00 a.m. · 5 views

IBM Cognos Analytics security vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can help companies adjust their decisions by analysing factors such as key drivers and key people. A security...

CVSS 5.5 · AI score 5.9 · EPSS 0.00142
Exploits 0 · References 3
OSV
added 2024/09/10 9:15 a.m. · 2 views

CVE-2024-43389

A low privileged remote attacker can perform configuration changes of the ospf service through OSPFINTERFACE.SIMPLEKEY, OSPFINTERFACE.DIGESTKEY environment variables which can lead to a DoS...

CVSS 8.1 · AI score 5.8 · EPSS 0.00519
Exploits 0 · References 1
CNNVD
added 2024/09/10 12:00 a.m. · 5 views

PHOENIX CONTACT FL/TC MGUARD code injection vulnerability

The PHOENIX CONTACT FL/TC MGUARD is a series of routers from PHOENIX CONTACT, Germany. A code injection vulnerability exists in the PHOENIX CONTACT FL/TC MGUARD. A low-privileged remote attacker can execute configuration changes to the ospf service via the OSPFINTERFACE.SIMPLEKEY,...

CVSS 8.1 · AI score 7.5 · EPSS 0.00519
Exploits 0 · References 3
VulnCheck KEV
added 2024/04/20 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2021-32790

Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site can exploit vulnerable...

CVSS 4.9 · AI score 5.8 · EPSS 0.01265
Exploits 2 · References 1
Positive Technologies
added 2023/11/22 12:00 a.m. · 4 views

PT-2023-12331 · Unknown · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet-Server affected versions not specified Description: An issue was found with how API keys are created with the Fleet-Server service account, allowing a compromised Fleet-Server service account to potentially escalate themselves to a...

CVSS 8.8 · AI score 8.6 · EPSS 0.00714
Exploits 0 · References 9
OSV
added 2022/11/01 2:15 a.m. · 3 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

CVSS 9.8 · AI score 5.8 · EPSS 0.00833
Exploits 0 · References 1
OSV
added 2022/06/28 10:15 p.m. · 2 views

CVE-2022-31884

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege and Administrator users...

CVSS 6.5 · AI score 5.8 · EPSS 0.01103
Exploits 1 · References 3
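Three entries in this list are lifecycle failures of the same API-key store rather than key-generation bugs: Gokapi (PT-2026-23605) let a demoted user's keys keep their old rank, Octopus Server (CVE-2022-2572) left keys valid after an external provider disabled or deleted the user, and Marval MSM (CVE-2022-31884) let a low-privilege user delete other users' keys. The code below is an added example written for this listing; it is not the Gokapi, Octopus Server or Marval MSM implementation. It contrasts a check that trusts the rank frozen into the key at creation with one that resolves the owner's current rank and enabled state on every request, and adds an owner-or-admin check on deletion. The rank names, the `enabled` flag (standing in for the identity provider's view of the account) and the store layout are assumptions; the users and keys are constructed.

```python
"""Added example: API-key checks against live user state, plus owner-scoped deletion.

Illustrative code for this listing; not Gokapi, Octopus Server or Marval MSM code.
Rank names, the `enabled` flag and the store layout are assumptions.
"""
import hashlib
import secrets
from dataclasses import dataclass

RANKS = {"user": 1, "admin": 2}  # assumed ordering: higher number = more privilege


@dataclass
class User:
    user_id: str
    rank: str
    enabled: bool = True  # cleared when the identity provider disables the account


@dataclass
class StoredKey:
    owner_id: str
    rank_at_creation: str  # snapshot kept only to show what must NOT be trusted


class KeyService:
    def __init__(self):
        self.users = {}  # user_id -> User
        self.keys = {}   # sha256(secret) -> StoredKey; only the digest is persisted

    @staticmethod
    def key_id(secret):
        # Digest of a 256-bit random token; dict lookup on it is fine.
        return hashlib.sha256(secret.encode()).hexdigest()

    def add_user(self, user):
        self.users[user.user_id] = user

    def delete_user(self, user_id):
        del self.users[user_id]  # mirrors deletion at the external provider

    def demote(self, user_id, new_rank):
        self.users[user_id].rank = new_rank

    def disable(self, user_id):
        self.users[user_id].enabled = False

    def issue_key(self, user_id):
        user = self.users[user_id]
        secret = secrets.token_urlsafe(32)
        self.keys[self.key_id(secret)] = StoredKey(user_id, user.rank)
        return secret

    def authorize_snapshot(self, secret, required_rank):
        """Flawed: trusts the rank frozen into the key; demotion and disablement change nothing."""
        key = self.keys.get(self.key_id(secret))
        return key is not None and RANKS[key.rank_at_creation] >= RANKS[required_rank]

    def authorize_live(self, secret, required_rank):
        """Hardened: resolve the owner per request; demoted, disabled or deleted owners lose access at once."""
        key = self.keys.get(self.key_id(secret))
        if key is None:
            return False
        owner = self.users.get(key.owner_id)
        if owner is None or not owner.enabled:
            return False
        return RANKS[owner.rank] >= RANKS[required_rank]

    def delete_key(self, actor_id, target_key_id):
        """Only the key's owner or an admin may delete it; anything else is an IDOR."""
        actor = self.users.get(actor_id)
        key = self.keys.get(target_key_id)
        if actor is None or not actor.enabled or key is None:
            raise KeyError("unknown actor or key")
        if key.owner_id != actor_id and RANKS[actor.rank] < RANKS["admin"]:
            raise PermissionError(f"{actor_id} may not delete a key owned by {key.owner_id}")
        del self.keys[target_key_id]


def demo():
    """Returns (stale snapshot still admin, live check admin, live check after disable, IDOR blocked)."""
    svc = KeyService()
    svc.add_user(User("alice", "admin"))
    svc.add_user(User("bob", "user"))
    alice_key = svc.issue_key("alice")
    svc.demote("alice", "user")
    stale_admin = svc.authorize_snapshot(alice_key, "admin")
    live_admin = svc.authorize_live(alice_key, "admin")
    svc.disable("alice")
    after_disable = svc.authorize_live(alice_key, "user")
    try:
        svc.delete_key("bob", KeyService.key_id(alice_key))
        idor_blocked = False
    except PermissionError:
        idor_blocked = True
    return stale_admin, live_admin, after_disable, idor_blocked


if __name__ == "__main__":
    print(demo())
```

Where the identity provider is external, the `enabled` flag has to be kept current by a provisioning hook or by re-validating the account on each request; a key store that never hears about the revocation will behave exactly like `authorize_snapshot` no matter how carefully the key itself was scoped.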