Lucene search: 4774 matches found

Kitploit
added 2025/04/18 12:30 p.m.

TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog

Welcome to TruffleHog Explorer, a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog. TruffleHog is one of the most powerful open source tools for secrets discovery, classification, validation, and analysis. In this context, a secret refers to a credential a machine...

AI score: 7.4
Exploits: 0 | References: 3
Veracode
added 2025/04/02 9:42 a.m.

Authentication Credential Reuse

parse-server is vulnerable to Authentication Credential Reuse. The vulnerability is due to improper isolation of authentication credentials, allowing them to be shared across multiple Parse Server apps using the same third-party authentication provider...

CVSS: 6.9 | AI score: 7.3 | EPSS: 0.00362
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2025/03/21 2:54 p.m.

CVE-2025-30168 Parse Server has an OAuth login vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse...

CVSS: 6.9 | EPSS: 0.00362
Exploits: 0 | References: 6
OSV
added 2025/03/04 12:15 a.m.

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVSS: 5.3 | AI score: 3.8 | EPSS: 0.00472
Exploits: 0 | References: 4
Vulnrichment
added 2025/03/03 12:00 a.m.

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVSS: 3.2 | AI score: 3.8 | EPSS: 0.00472
Exploits: 0 | References: 2
Cvelist
added 2025/03/03 12:00 a.m.

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVSS: 3.2 | EPSS: 0.00472
Exploits: 0 | References: 2
CVE
added 2025/03/03 12:00 a.m.

CVE-2025-27221

CVE-2025-27221 affects the Ruby URI module (URI.join, URI#merge, URI#+). The root issue is leakage of userinfo credentials when the host is changed, as userinfo is retained. This impacts versions of the URI gem prior to 1.0.3; the issue is fixed in 1.0.3 and later. If exploited, credential exposu...

CVSS: 5.3 | AI score: 4.3 | EPSS: 0.00472
Exploits: 0 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2025/02/28 9:11 a.m.

Security Bulletin: Multiple security vulnerabilities in Cloud Pak foundational services are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001

Summary: IBM Cloud Pak for Business Automation 24.0.1-IF001 updates the version of IBM Cloud Pak foundational services to address multiple security vulnerabilities. Vulnerability Details: CVEID: CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.66594
Exploits: 5 | Affected Software: 2
RedhatCVE
added 2025/02/22 12:25 a.m.

CVE-2024-37362

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval (CWE-522). Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

CVSS: 6.3 | AI score: 6.6 | EPSS: 0.00265
Exploits: 0 | References: 1
CVE
added 2025/02/19 11:34 p.m.

CVE-2024-37362

CVE-2024-37362 affects Hitachi Vantara Pentaho Data Integration & Analytics. The vulnerability arises because the product transmits or stores authentication credentials using an insecure method, leading to potential disclosure of credentials (e.g., database passwords) when saving connections to R...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00265
Exploits: 0 | References: 1
Vulnrichment
added 2025/02/19 11:34 p.m.

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval (CWE-522). Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00265
Exploits: 0 | References: 1
CNVD
added 2025/02/17 12:00 a.m.

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-03621)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00368
Exploits: 0 | References: 1
Rapid7 Blog
added 2025/02/14 2:00 p.m.

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

During security testing, Rapid7 discovered that Xerox Versalink C7025 multifunction printers (MFPs) were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs, Firmware Version 57.69.91 and earlier. This issue has been assigned the following CVEs: CVE-2024-1251...

CVSS: 7.6 | AI score: 8.2 | EPSS: 0.00918
Exploits: 0
Vulnrichment
added 2025/02/12 4:20 p.m.

CVE-2025-25184 Possible Log Injection in Rack::CommonLogger

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.01095
Exploits: 1 | References: 2
Debian
added 2025/01/24 7:01 p.m.

[SECURITY] [DSA 5849-1] git-lfs security update

Debian Security Advisory DSA-5849-1 https://www.debian.org/security/ Moritz Muehlenhoff January 24, 2025 https://www.debian.org/security/faq ...

CVSS: 8.5 | AI score: 6.5 | EPSS: 0.0104
Exploits: 0
Zero Science Lab
added 2025/01/06 12:00 a.m.

ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The application suffers from cleartext transmission and storage of...

CVSS: 8.7 | AI score: 7.2 | EPSS: 0.01468
Exploits: 3
IBM Security Bulletins
added 2024/12/04 3:19 p.m.

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor

Summary: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor. Vulnerability Details: CVEID: CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the...

CVSS: 8.2 | AI score: 7.4 | EPSS: 0.01652
Exploits: 1 | Affected Software: 1
CNVD
added 2024/12/04 12:00 a.m.

Cross-site scripting vulnerability in multiple Mozilla products (CNVD-2024-48562)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00495
Exploits: 0 | References: 1
Cvelist
added 2024/12/03 2:32 a.m.

CVE-2024-45068 Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA

Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01...

CVSS: 7.1 | EPSS: 0.00293
Exploits: 0 | References: 1
NVD
added 2024/10/23 11:15 a.m.

CVE-2023-50310

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

CVSS: 7.5 | EPSS: 0.0039
Exploits: 0 | References: 1