
26 matches found

Patchstack
added 2026/03/24 3:19 p.m. | 3 views

WordPress King Addons for Elementor plugin <= 51.1.49 - Unauthenticated API Keys Disclosure vulnerability

Unauthenticated API Keys Disclosure vulnerability discovered by Ulyses Saicha in WordPress Plugin King Addons for Elementor versions <= 51.1.49...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/03/23 7:16 a.m. | 0 views

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

CVSS 5.3 | EPSS 0.00043
Exploits: 0 | References: 2
Cvelist
added 2026/03/23 6:41 a.m. | 28 views

CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

CVSS 5.3 | EPSS 0.00043
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/23 6:41 a.m. | 1 views

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 3
CNNVD
added 2026/03/09 12:0 a.m. | 3 views

IKEA Dirigera code issue vulnerability

IKEA Dirigera is a smart home system gateway device developed by the Dutch company IKEA. Version IKEA Dirigera v2.866.4 contains a code vulnerability caused by server-side request forgery, which may lead to the disclosure of private keys through specially crafted requests...

CVSS 7.5 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 2
OSV
added 2026/03/05 6:26 p.m. | 5 views

GHSA-G9W5-QFFC-6762 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary: The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

CVSS 9.8 | AI score 6 | EPSS 0.07313
Exploits: 12 | References: 6
Cvelist
added 2026/03/05 4:28 p.m. | 29 views

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVSS 9.8 | EPSS 0.07313
Exploits: 12 | References: 1
Vulnrichment
added 2025/10/30 9:29 p.m. | 2 views

CVE-2025-34283 Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value...

CVSS 7.1 | AI score 6.2 | EPSS 0.01549
Exploits: 0 | References: 3
Vulnrichment
added 2025/10/27 8:44 a.m. | 4 views

CVE-2025-46582 Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product

A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security...

CVSS 7.7 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-31361

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.6 | EPSS 0.00035
Exploits: 1 | References: 3
Vulnrichment
added 2025/05/23 12:3 a.m. | 2 views

CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure...

CVSS 4.7 | AI score 6.3 | EPSS 0.00123
Exploits: 0 | References: 2
CNNVD
added 2025/04/08 12:0 a.m. | 2 views

Element security vulnerability

Element is a Matrix web collaboration client from Element Open Source. A security vulnerability exists in Element versions 1.11.16 through 1.11.96, which stems from a configuration that allows an Element Call to be loaded from an external URL, resulting in the disclosure of media encryption keys...

CVSS 3.8 | AI score 6.3 | EPSS 0.00203
Exploits: 0 | References: 3
CNNVD
added 2024/08/27 12:0 a.m. | 2 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the United States company wolfSSL, intended for embedded systems developers. A security vulnerability exists in wolfSSL versions prior to 5.7.0, which can be exploited by an attacker to cause ECDSA key disclosure...

CVSS 5.9 | AI score 6.6 | EPSS 0.00088
Exploits: 0 | References: 3
CVE
added 2024/08/21 12:0 a.m. | 80 views

CVE-2024-39344

The CVE-2024-39344 issue affects the Docusign API package version 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object installed from the package stores configuration information and, under default settings, can be accessed to disclose keys. Those disclosed components c...

CVSS 8.1 | AI score 6.6 | EPSS 0.00221
Exploits: 0 | References: 2
Tenable Nessus
added 2024/01/16 12:0 a.m. | 29 views

EulerOS Virtualization 2.11.0 : libldb (EulerOS-SA-2023-2758)

According to the versions of the libldb package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient an...

CVSS 7.7 | AI score 6.5 | EPSS 0.01373
Exploits: 0 | References: 2
Filippo.io
added 2023/01/08 6:29 p.m. | 27 views

ssh whoami.filippo.io

I updated the whoami.filippo.io dataset over the holidays, so it should be pretty accurate at least for a little while. If you already know what I'm talking about, below are some tidbits about how I fetched the new dataset and how it's stored. If you don't, stop reading, and run this. I'll wait. $ ss...

AI score 6.8
Exploits: 0
Cvelist
added 2022/12/05 4:50 p.m. | 26 views

CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...

AI score 7.6 | EPSS 0.00614
Exploits: 2 | References: 1
wpexploit
added 2022/11/10 12:0 a.m. | 572 views

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. - Install the plugin and set the API creds to: - Key:...

CVSS 7.5 | AI score 1.7 | EPSS 0.00614
Exploits: 2
Patchstack
added 2022/11/10 12:0 a.m. | 31 views

WordPress Clerk plugin <= 3.8.2 - Auth. Bypass and API Keys Disclosure vulnerability

Auth. Bypass and API Keys Disclosure vulnerability discovered by Francesco Carlucci in the WordPress Clerk plugin versions <= 3.8.2. Solution: Update the WordPress Clerk plugin to the latest available version at least 4.0...

AI score 3.3 | EPSS 0.00614
Exploits: 2 | References: 1 | Affected Software: 1
NVD
added 2022/02/23 11:15 p.m. | 10 views

CVE-2022-23653

B2 Command Line Tool is the official command line tool for the Backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

CVSS 4.7 | EPSS 0.00038
Exploits: 0 | References: 2