
18 matches found

NVD
added 2026/06/12 10:16 p.m. · 14 views

CVE-2026-53839

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

CVSS 6.5 · EPSS 0.00265
Exploits: 0 · References: 2
CNVD
added 2025/12/25 12:0 a.m. · 1 view

Apache StreamPark Weak Algorithm Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation (United States). Apache StreamPark has a weak-algorithm vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

CVSS 7.5 · AI score 7.1 · EPSS 0.00216
Exploits: 0 · References: 1
CVE
added 2025/10/31 3:49 p.m. · 11 views

CVE-2025-12508

CVE-2025-12508 affects BRAIN2: when domain users act as BRAIN2 users, communication with Active Directory services is unencrypted, risking interception of authentication data and confidentiality. Documents consistently identify BRAIN2 as the affected software and describe the unencrypted AD traff...

CVSS 8.4 · AI score 6.6 · EPSS 0.00171
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2019-2157

Malware in sbrugna...

CVSS 7.5 · AI score 7.8 · EPSS 0.02159
Exploits: 1 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-4729

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.01142
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2012-0823

Malware in sbrugna...

CVSS 4 · AI score 6.1 · EPSS 0.01118
Exploits: 0 · References: 6
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-27114

Malware in sbrugna...

CVSS 6.8 · AI score 5.7 · EPSS 0.00941
Exploits: 1 · References: 4
RedhatCVE
added 2025/05/23 3:55 a.m. · 6 views

CVE-2023-34339

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...

CVSS 3.3 · AI score 7 · EPSS 0.0021
Exploits: 0
Debian
added 2025/05/20 7:14 p.m. · 17 views

[SECURITY] [DLA 4175-1] mongo-c-driver security update

Debian LTS Advisory DLA-4175-1 · [email protected] · https://www.debian.org/lts/security/ · Roberto C. Sánchez · May 20, 2025 · https://wiki.debian.org/LTS

Package: mongo-c-driver

Version: 1.17.6-1+deb11u1

CVE ID: CVE-2021-32050 CVE-2023-0437 CVE-2024-6381 CVE-2024-6383 CVE-2025-0755

Multiple...

CVSS 8.4 · AI score 7 · EPSS 0.01103
Exploits: 0
BDU FSTEC
added 2024/09/18 12:0 a.m. · 3 views

The vulnerability of the Yealink Meeting Server lies in the insufficient protection of operational data, which allows attackers to gain access to user authentication information.

The vulnerability of the Yealink Meeting Server lies in the insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor to gain access to user authentication credentials remotely...

CVSS 6.5 · AI score 5.4 · EPSS 0.00373
Exploits: 0 · References: 2 · Affected Software: 1
RedHat Linux
added 2024/08/06 3:23 p.m. · 3 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

CVSS 6.5 · AI score 6.7 · EPSS 0.00965
Exploits: 1 · References: 4
Positive Technologies
added 2024/04/09 12:0 a.m. · 3 views

PT-2024-5018 · Unknown +2 · Rpm-Ostree +2

Name of the Vulnerable Software and Affected Versions: rpm-ostree (affected versions not specified)

Description: A security issue has been found in rpm-ostree, related to the /etc/shadow file having the world-readable bit enabled in default builds. This is due to default permissions being set highe...

CVSS 6.2 · AI score 6.3 · EPSS 0.00328
Exploits: 0 · References: 18
Positive Technologies
added 2023/08/29 12:0 a.m. · 2 views

PT-2023-4650 · Mongodb +2 · Mongodb Node.Js Driver +5

Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions 1.0.0 through 1.17.7; MongoDB PHP Driver versions 1.0.0 through 1.9.2; MongoDB Swift Driver versions 1.0.0 through 1.1.1; MongoDB Node.js Driver 3.6 versions 3.6 through 3.6.10; MongoDB Node.js Driver 4.0 versions 4.0...

CVSS 8.4 · AI score 6.4 · EPSS 0.01103
Exploits: 0 · References: 41
OSV
added 2022/09/25 12:0 a.m. · 4 views

GHSA-C5FP-X2H5-VJV7 Apache Pulsar Java Client vulnerable to Improper Certificate Validation

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

CVSS 5.9 · AI score 5.9 · EPSS 0.00564
Exploits: 0 · References: 3
Positive Technologies
added 2022/09/23 12:0 a.m. · 4 views

PT-2022-21797 · Apache · Apache Pulsar Java Client

Name of the Vulnerable Software and Affected Versions: Apache Pulsar Java Client versions 2.6.4 and earlier; Apache Pulsar Java Client versions 2.7.0 through 2.7.4; Apache Pulsar Java Client versions 2.8.0 through 2.8.3; Apache Pulsar Java Client versions 2.9.0 through 2.9.2; Apache Pulsar Java Clien...

CVSS 5.9 · AI score 5.7 · EPSS 0.00564
Exploits: 0 · References: 7
OSV
added 2021/09/22 3:15 p.m. · 2 views

CVE-2021-41011

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information...

CVSS 7.5 · AI score 5.8 · EPSS 0.01101
Exploits: 0 · References: 1
Positive Technologies
added 2021/05/13 12:0 a.m. · 2 views

PT-2021-13890 · Mongodb · Mongodb C Driver

Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions 2.12.0 through 2.12.1

Description: The MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain...

CVSS 4.9 · AI score 7.5 · EPSS 0.00623
Exploits: 0 · References: 7
OSV
added 2018/06/07 9:29 p.m. · 2 views

CVE-2018-0335

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...

CVSS 7.8 · AI score 5.8 · EPSS 0.00413
Exploits: 0 · References: 3