47 matches found
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...
CVE-2026-20115
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...
PT-2026-24614
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
CVE-2026-24308
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
CVE-2025-1787
A local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin-privileged Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege...
CVE-2025-1787
CVE-2025-1787 concerns Genetec Update Service. A local, authenticated administrator could leak information from the service’s configuration web page, potentially enabling elevated privileges within the Genetec Update Service. The entry notes a possible combined impact with CVE-2025-1789 for low-p...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988996)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988996 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbd_alloc_config and module removal. When nbd module is being removed,...
EUVD-2020-23277
Malware in sbrugna...
EUVD-2020-4441
Malware in sbrugna...
EUVD-2020-12496
Malware in sbrugna...
EUVD-2020-1960
Malware in sbrugna...
EUVD-2002-0306
Malware in sbrugna...
EUVD-2019-7953
Malware in sbrugna...
EUVD-2022-29616
Malicious code in bioql PyPI...
CVE-2025-53655
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2019-19018
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...
PT-2025-20371 · Wf2220 · Wf2220
Name of the Vulnerable Software and Affected Versions: WF2220 (affected versions not specified). Description: The issue concerns an exposed endpoint "/cgi-bin-igd/netcore_get.cgi" that returns the device's configuration to unauthorized users, including a cleartext password. The vendor was...
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
Exploit Title: ZTE ZXHN H168N 3.1 - RCE via authentication bypass Author: l34n / tasos meletlidis Exploit Blog: https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import A...
CVE-2025-1696
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an...