Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47324 | 1 Qualcomm | 2 Qca7005, Qca7005 Firmware | 2025-08-18 | N/A | 7.5 HIGH |
| Information disclosure while accessing and modifying the PIB file of a remote device via powerline. | |||||
| CVE-2025-0330 | 1 Litellm | 1 Litellm | 2025-08-01 | N/A | N/A |
| In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests. | |||||
| CVE-2024-9447 | 1 Superagi | 1 Superagi | 2025-07-29 | N/A | N/A |
| An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss. | |||||
| CVE-2023-50458 | 2025-07-10 | N/A | N/A | ||
| In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs. | |||||
| CVE-2025-48941 | 1 Mybb | 1 Mybb | 2025-07-02 | N/A | N/A |
| MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specified text in the title. The visibility state (`mybb_threads.visible` integer column) of threads is not validated in internal search queries, whose result is used to output a general success or failure of the search. While MyBB validates permissions when displaying the final search results, a search operation that internally produces at least one result outputs a redirect response (as a HTTP redirect, or a success message page with delayed redirect, depending on configuration). On the other hand, a search operation that internally produces no results outputs a corresponding message in the response without a redirect. This allows a user to determine whether threads matching title search parameters exist, including draft threads (`visible` with a value of `-2`), soft-deleted threads (`visible` with a value of `-1`), and unapproved threads (`visible` with a value of `0`); in addition to displaying generally visible threads (`visible` with a value of `1`). This vulnerability does not affect other layers of permissions. In order to exploit the vulnerability, the user must have access to the search functionality, and general access to forums containing the thread(s). The vulnerability does not expose the message content of posts. MyBB 1.8.39 resolves this issue. | |||||
| CVE-2024-9099 | 1 Lunary | 1 Lunary | 2025-04-10 | N/A | 8.1 HIGH |
| In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to perform actions on behalf of the project, access private data, and delete resources. The private API keys are exposed in the developer tools when the endpoint is called from the frontend. | |||||
| CVE-2024-5213 | 1 Mintplexlabs | 1 Anythingllm | 2024-07-17 | N/A | 6.5 MEDIUM |
| In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`). This exposure occurs because the entire User object, including the bcrypt password hash, is included in the response sent to the frontend. This practice could potentially lead to sensitive information exposure despite the use of bcrypt, a strong hashing algorithm. It is recommended not to expose any clues about passwords to the frontend. | |||||
| CVE-2023-1974 | 1 Answer | 1 Answer | 2023-04-18 | N/A | 6.5 MEDIUM |
| Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8. | |||||