64 matches found
CVE-2024-9606
In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...
PT-2025-12313 · Unknown · Berriai/Litellm
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.52.1 Description: An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and...
CVE-2025-2356
A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
CVE-2024-2321
An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...
CVE-2025-26523 Insufficient Authorization Vulnerability in RupeeWeb trading platform
This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other...
CVE-2024-41802
Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to t...
CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...
CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...
CVE-2024-48346
xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...
CVE-2023-52106
Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability...
MOXA TN-5900 Authentication Error Vulnerability
MOXA TN-5900 is a series of industrial firewall routers from China MOXA. An authentication error vulnerability exists in the MOXA TN-5900 prior to version v3.3, which stems from insufficient authentication measures implemented in the Web API handler, and can be exploited by an attacker to cause a...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. Due to a regex check, the API for changing asset links produced backtracks, resulting in significant CPU consumption for some user-supplied values, causing the application to crash...
CVE-2022-39042 aEnrich a+HRD - Improper Authentication
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...
CVE-2022-46492
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary...
Out-of-bounds
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
Cross Site Request Forgery in Gitea
Cross Site Request Forgery CSRF vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests...
Insecure Session Management
pterodactyl/panel is vulnerable to insecure session management. The vulnerability exists in handle function in the AuthenticateKey.phpfile, allowing malicious attackers to compromises the API key generation and log in to the system...