Lucene search
K

1125 matches found

NVD
NVD
added 2026/07/03 8:16 a.m.8 views

CVE-2026-8804

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS0.00082EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 7:40 a.m.22 views

CVE-2026-8804

The CVE concerns Puppet’s resource_api (bundled with Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x). A vulnerability exists where the sensitive flag on parameters defined via the resource-api is not preserved, causing values such as passwords to be stored in cleartext in the agent’s l...

6.7CVSS5.9AI score0.00082EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 7:40 a.m.43 views

CVE-2026-8804 Cleartext Storage of Sensitive Information for Puppet Resource API

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS0.00082EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/18 12:20 a.m.8 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that handles service bindings from VCAPSERVICES containing TLS client credentials. An attacker can access sensitive private key material by reading temporary files created with...

5.7CVSS5.9AI score0.00065EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS4.9AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6796

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

5.3CVSS5.2AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2026-6332

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

7.5CVSS5.5AI score0.00125EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 5:42 p.m.27 views

GHSA-7HH5-PRP2-MFH5 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/21 5:42 p.m.10 views

Cleartext Storage of Sensitive Information

Overview sagemaker-serve is a SageMaker Serve package for model serving and deployment Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing the SageMaker...

9.1CVSS6.2AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 5:42 p.m.9 views

Cleartext Storage of Sensitive Information

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing...

9.1CVSS6.2AI score0.00439EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 11:16 a.m.15 views

CVE-2026-0857

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

6CVSS0.00101EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 10:50 a.m.19 views

CVE-2026-0857

CVE-2026-0857 describes Cleartext Storage of Sensitive Information in Memory for the Mesalvo Meona Client Launcher Component (through 19.06.2020 15:11:49) and Meona Server Component (through 2025.04 5+323020). The vulnerability impacts confidentiality (HIGH) with local attack vector and no user i...

6CVSS5.8AI score0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 10:50 a.m.10 views

CVE-2026-0857

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

6CVSS5.8AI score0.00101EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 10:50 a.m.46 views

CVE-2026-0857

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

6CVSS0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 10:50 a.m.11 views

EUVD-2026-31091

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

6CVSS5.8AI score0.00101EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42140

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

6CVSS5.8AI score0.00101EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.12 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 8:17 p.m.14 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS0.00439EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 7:35 p.m.7 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 7:35 p.m.6 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder