CVE-2026-4166 Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and coul...

RHEL 10 : git-lfs (RHSA-2026:4166)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:4166 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...

MiracleLinux 4 : evolution-data-server-2.32.3-18.AXS4 (AXSA:2014-352:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-352:01 advisory. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. It was originally develope...

EUVD-2025-13240

Malicious code in bioql PyPI...

openbao-2.2.2-1.1 on GA media (moderate)

openbao-2.2.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:15186-1 Rating: moderate Cross-References: CVE-2025-4166 CVSS scores: CVE-2025-4166 SUSE : 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

CVE-2011-4166

Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data...

Debian: Security Advisory (DLA-4166-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2025-4166

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

BIT-VAULT-2025-4166 Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVE-2025-4166

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVE-2025-4166 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

CVE-2025-4166 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...

Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

GHSA-GCQF-F89C-68HV Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVE-2025-4166

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVE-2025-4166

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVE-2025-4166 Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVE-2025-4166

CVE-2025-4166 affects Vault Community and Vault Enterprise KV v2 plugin. When handling malformed payloads during secret create/update via the Vault REST API, servers/audit logs may leak sensitive information due to error message content. The issue is fixed in Vault Community 1.19.3 and Vault Ente...

CVE-2025-4166 Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVE-2025-4166

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...