861 matches found
CVE-2026-2462
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x
CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets
Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...
PT-2026-25680
Name of the Vulnerable Software and Affected Versions: Mattermost Plugins versions through 2.0.3.0. Description: The Mattermost plugins do not properly mask sensitive configuration values. This allows an attacker with access to support packets to obtain original plugin settings through exported...
CVE-2017-20217 Serviio PRO 1.8 REST API Information Disclosure
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...
CVE-2017-20217
CVE-2017-20217 affects Serviio PRO 1.8 and related builds via an information-disclosure vulnerability in the Configuration REST API. The root cause is improper access-control enforcement, allowing unauthenticated remote attackers to send crafted REST requests and retrieve sensitive configuration ...
CVE-2025-13779 Configuration Data Spill
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...
Malicious Package
Overview: transform-proto-to-assign is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavio...
Malicious Package
Overview: es6-recommended is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior: The...
Malicious Package
Overview: transform-dev is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior: The packag...
CVE-2026-0231 Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering a live terminal session via the Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...
GHSA-GH4X-F7CQ-WWX6 Glances Exposes Unauthenticated Configuration Secrets
Summary: The /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT...
CVE-2026-24308
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-13370)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability. The vulnerability stems from the fact that skills.status may return raw parsed configuration values for the skills.config path via configChecks, which can be...
CVE-2026-2584
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...
CVE-2026-2584
CVE-2026-2584 describes a critical SQL injection in the authentication module of the Ciser System SL firmware. An unauthenticated, remote attacker can exploit the login interface by sending crafted SQL queries, with attack vector NETWORK and attack complexity LOW. The impact per metrics: total c...
CVE-2026-2584 SQL Injection in Ciser System SL firmware
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...