62 matches found
Argo CD Unauthenticated Access to sensitive setting
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. id: CVE-2024-37152 info: name: Ar...
CVE-2026-58477
SIP (Sustainable Irrigation Platform) up to version 5.2.16 contains a mass assignment flaw where the value-setting interface copies every HTTP parameter into internal settings without whitelisting. This enables unauthenticated attackers to overwrite sensitive configuration such as the passphrase ...
CVE-2026-59222
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...
EUVD-2026-42631
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...
CVE-2026-59222
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...
CVE-2026-59222 Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...
CVE-2020-37146
CVE-2020-37146 affects ACE Security WiP-90113 HD Camera. A configuration disclosure vulnerability allows unauthenticated attackers to retrieve sensitive configuration files by sending a GET request to /config_backup.bin, exposing credentials and system settings. Exploitation context and impact ar...
Next.js Configuration File Detected
Next.js is a popular React framework for building web applications. By default, Next.js applications may include a configuration file named next.config.js, which contains various settings and options for the application. If this configuration file is accessible via the web server, it can expose...
CVE-2025-2848
A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...
Incorrect Permission Assignment for Critical Resource
Overview snowflake-connector-python is a Snowflake Connector for Python Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ConfigManager.readconfig path in configmanager.py. An attacker can modify sensitive settings stored in the...
EUVD-2015-2310
Malware in sbrugna...
EUVD-2023-46419
Malicious code in bioql PyPI...
Apple macOS Access Control Error Vulnerability (CNVD-2025-18439)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from a security vulnerability that stems from insufficient user consent prompts, which can be exploited by attackers to potentially bypass sensitive settings...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from a security vulnerability that stems from insufficient user consent prompts, which can be exploited by attackers to potentially bypass sensitive settings...
CVE-2025-43184
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensitive Shortcuts app settings...
CVE-2023-41960
The vulnerability allows an unprivilegeduntrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself...
CVE-2020-21936
An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication...
CVE-2020-27585
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password...
CVE-2024-6842
In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...