144 matches found

Veracode
added 2026/05/16 5:29 a.m. | 7 views

Sensitive Information Exposure

com.ritense.valtimo, web is vulnerable to sensitive information exposure. The vulnerability is due to the LoggingRestClientCustomizer automatically logging full HTTP request and response details, including headers and bodies, in error messages, which allows an attacker to access sensitive...

CVSS 7.6 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/04/16 8:42 p.m. | 2 views

Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Summary: The InboxHandlingService logs the full content of every incoming inbox message at INFO level (logger.info("Received message: ", message)). Inbox messages are wrappers around outbox message data, which can contain highly sensitive information such as personal data (PII), citizen identifiers (BSN),...

CVSS 4.9 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 7 | Affected Software: 1
Snyk
added 2026/03/27 5:31 p.m. | 4 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the logs and logs-stream endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks. Remediation: There is n...

CVSS 7.1 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/27 2:43 p.m. | 3 views

CVE-2026-5025 Langflow - Application Logs Exposed to All Authenticated Users

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser')...

CVSS 6.5 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 1
Cvelist
added 2026/03/27 2:43 p.m. | 17 views

CVE-2026-5025 Langflow - Application Logs Exposed to All Authenticated Users

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser')...

CVSS 6.5 | EPSS 0.00071
Exploits: 0 | References: 1
RedHat Linux
added 2026/03/18 4:3 p.m. | 2 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.3.4

Logging for Red Hat OpenShift - 6.3.4 Red Hat OpenShift Logging 6.3.4 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

CVSS 7.5 | AI score 6.8 | EPSS 0.00045
Exploits: 2 | References: 3
ATTACKERKB
added 2026/03/12 9:31 p.m. | 1 views

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...

CVSS 6.9 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/03/11 1:19 p.m. | 2 views

CVE-2026-21791

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL...

CVSS 3.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1
EUVD
added 2026/03/10 6:31 p.m. | 1 views

EUVD-2026-10489

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL...

CVSS 3.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/10 10:10 a.m. | 2 views

CVE-2026-21791

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL...

CVSS 3.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/10 12:0 a.m. | 1 views

PT-2026-24198

Name of the Vulnerable Software and Affected Versions: HCL Sametime for Android, affected versions not specified. Description: HCL Sametime for Android has a flaw that leads to sensitive information disclosure. Hostnames are written into application logs and specific URLs. Recommendations: At the...

CVSS 3.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 6
RedhatCVE
added 2026/03/06 7:55 a.m. | 3 views

CVE-2026-21786

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs...

CVSS 3.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1
Github Security Blog
added 2026/03/05 8:42 p.m. | 4 views

Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion

Summary: A privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, enabling continued access to upload-request management and log viewing endpoints after the user has been...

CVSS 5.4 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2026/03/05 8:15 a.m. | 4 views

CVE-2026-21786

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs...

CVSS 3.3 | EPSS 0.00018
Exploits: 0 | References: 1
OSV
added 2026/03/05 8:15 a.m. | 2 views

CVE-2026-21786

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs...

CVSS 3.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1
CVE
added 2026/03/05 7:15 a.m. | 6 views

CVE-2026-21786

Technical details about CVE-2026-21786 are not publicly available in the provided documents. Monitor for updates.

CVSS 3.3 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/03/05 12:0 a.m. | 1 views

PT-2026-23413

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs...

CVSS 3.3 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/09 9:4 p.m. | 2 views

CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...

CVSS 8.7 | AI score 5.5 | EPSS 0.00051
Exploits: 0 | References: 1
OSV
added 2026/02/09 9:4 p.m. | 2 views

CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...

CVSS 8.7 | AI score 5.5 | EPSS 0.00051
Exploits: 0 | References: 3
Cvelist
added 2026/02/09 9:4 p.m. | 24 views

CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...

CVSS 8.7 | EPSS 0.00051
Exploits: 0 | References: 1