Lucene search

20 matches found

Positive Technologies
added 2026/05/21 12:0 a.m. · 6 views

PT-2026-42538

LiteLLM prior to 1.83.14 allows an authenticated internal user to create API keys with access to routes that their role does not permit. When generating a key, the allowed routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8 CVSS · 5.8 AI score · 0.00051 EPSS
Exploits 3 · References 9
Positive Technologies
added 2026/03/05 12:0 a.m. · 3 views

PT-2026-23605

Name of the Vulnerable Software and Affected Versions: Gokapi versions prior to 2.2.3 Description: Gokapi is a self-hosted file sharing server that includes automatic expiration and encryption support. A flaw in the user rank demotion logic allows a demoted user’s existing API keys to retain...

9.9 CVSS · 5.8 AI score · 0.07313 EPSS
Exploits 68 · References 139
CNNVD
added 2026/02/21 12:0 a.m. · 4 views

GetSimple CMS Information Disclosure Vulnerability

GetSimple CMS is an open-source content management system developed by GetSimple CMS. GetSimple CMS has a vulnerability related to information leakage. This vulnerability stems from the reliance on .htaccess files to restrict access to sensitive directories. When Apache AllowOverride is disabled,...

8.7 CVSS · 5.8 AI score · 0.0004 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/02/20 11:19 p.m. · 4 views

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently...

8.7 CVSS · 5.7 AI score · 0.0004 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2026/02/20 12:0 a.m. · 2 views

PT-2026-21325

Name of the Vulnerable Software and Affected Versions: GetSimple CMS affected versions not specified Description: GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache...

8.7 CVSS · 5.3 AI score · 0.0004 EPSS
Exploits 1 · References 10
Snyk
added 2026/01/11 11:0 p.m. · 3 views

Malicious Package

Overview: n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt is a malicious package. This package leverages n8n workflow automation, disguising itself as an n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation: Avoid using all malicious instances of...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 2
Cvelist
added 2025/11/03 9:53 p.m. · 4 views

CVE-2024-13998 Nagios XI < 2024R1.1.3 API Keys & Hashed Passwords Authenticated Information Disclosure

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...

6 CVSS · 0.01622 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/31 12:30 a.m. · 3 views

EUVD-2025-37214

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value...

7.1 CVSS · 6.2 AI score · 0.01622 EPSS
Exploits 0 · References 4
NVD
added 2025/10/30 10:15 p.m. · 1 views

CVE-2024-13995

Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account...

8.8 CVSS · 0.02219 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/10/30 12:0 a.m. · 2 views

PT-2025-44521

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.4.2 Description: Nagios XI versions prior to 2024R1.4.2 had a flaw where API keys were exposed to users lacking the necessary API access permissions when utilizing Neptune themes. An authenticated user, even...

7.1 CVSS · 6.5 AI score · 0.01622 EPSS
Exploits 0 · References 7
RedhatCVE
added 2025/08/14 9:13 p.m. · 4 views

CVE-2025-55165

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

8.2 CVSS · 7 AI score · 0.0002 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/11 12:0 a.m. · 2 views

Palo Alto Networks Expedition Security Vulnerability

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could gain access to Expedition database contents such...

9.2 CVSS · 9.1 AI score · 0.00618 EPSS
Exploits 0 · References 1
CNNVD
added 2024/09/22 12:0 a.m. · 2 views

IBM Cognos Analytics Security Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A security...

5.5 CVSS · 5.9 AI score · 0.00031 EPSS
Exploits 0 · References 3
OSV
added 2024/09/10 9:15 a.m. · 0 views

CVE-2024-43389

A low privileged remote attacker can perform configuration changes of the ospf service through OSPFINTERFACE.SIMPLEKEY, OSPFINTERFACE.DIGESTKEY environment variables which can lead to a DoS...

8.1 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2024/09/10 12:0 a.m. · 1 views

PHOENIX CONTACT FL/TC MGUARD Code Injection Vulnerability

The PHOENIX CONTACT FL/TC MGUARD is a series of routers from PHOENIX CONTACT, Germany. A code injection vulnerability exists in the PHOENIX CONTACT FL/TC MGUARD. A low-privileged remote attacker can execute configuration changes to the ospf service via the OSPFINTERFACE.SIMPLEKEY,...

8.1 CVSS · 7.5 AI score · 0.00891 EPSS
Exploits 0 · References 3
VulnCheck KEV
added 2024/04/20 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2021-32790

WooCommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site, can exploit vulnerable...

4.9 CVSS · 5.8 AI score · 0.02007 EPSS
Exploits 2 · References 1
Positive Technologies
added 2023/11/22 12:0 a.m. · 2 views

PT-2023-12331 · Unknown · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet-Server affected versions not specified Description: An issue was found with how API keys are created with the Fleet-Server service account, allowing a compromised Fleet-Server service account to potentially escalate themselves to a...

8.8 CVSS · 8.6 AI score · 0.00265 EPSS
Exploits 0 · References 9
OSV
added 2022/11/01 2:15 a.m. · 0 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

9.8 CVSS · 5.8 AI score · 0.00392 EPSS
Exploits 0 · References 1
OSV
added 2022/06/28 10:15 p.m. · 1 views

CVE-2022-31884

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API Keys, including high privilege and the Administrator user's API Keys...

6.5 CVSS · 5.8 AI score · 0.00243 EPSS
Exploits 1 · References 3
OSV
added 2018/11/14 6:29 p.m. · 2 views

CVE-2018-15711

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 1