CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

Information Exposure

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Information Exposure via the /api/v4/args and /api/v4/args/item endpoints, which return sensitive information such as password hashes, SNMP community strings, SNMP authenticati...

CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

EUVD-2018-21604

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

CVE-2025-58366 Onyxia private helm repository credentials are leaked through unauthenticated API

Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public unauthenticated /public/catalogs endpoint.vOnly instances using private helm repositories i.e setting username & password in the...

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

CVE-2021-27925

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...

Information disclosure

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials...

Information Disclosure

ansible is vulnerable to information disclosure. The application can leak vulnerable information when the /etc/apt/sources.list file encounters a line starting with deb http://user:pass@server:port/. This can then be used to construct a file containing the user and pass fields, thereby leaking...

Minecraft hacked! More than 1800 Minecraft account Credentials Leaked

A sad reality for gamers all around the world who enjoy playing the very popular game Minecraft on their PCs. If you are one of them, you'll want to pay attention here. A plain text file containing over 1,800 Minecraft account usernames and passwords has just been leaked online, German media...

Peru Domains Registrar hacked and 207116 Domain panel credentials leaked

A huge hack carried out today ! One of the biggest Peru Domain registrar company punto.pe hacked by Lulzsecperu declared by a tweet and Complete database of 207116 websites has been leaked on internet. Leaked database include Domain panel username, encrypted password, Company descriptions. Hacked...

International Foreign Government E-Mails Hacked by TeaMp0isoN

International Foreign Government E-Mails Hacked by TeaMp0isoN TeaMp0isoN group of hackers claim to hack more than 150 Email Id's of International Foreign Governments. They Release the Email List with Password on Pastebin note. Hex000101 Hacker, A member of TeaMp0isoN team got these Login...