108 matches found
SUSE CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
EUVD-2024-55567
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer...
CVE-2024-43384
The CVE-2024-43384 entry concerns Phoenix Contact MGUARD products. Affected component: the devices’ handling/storage/transfer of sensitive data. Root cause: improper removal of sensitive information before storage or transfer, enabling exposure of the root password. Impact: a low-privileged remot...
EUVD-2026-22352
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack...
Windows Recovery Environment Security Feature Bypass Vulnerability
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack...
PT-2026-32718
CVE-2026-20928 Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security featur… https://t.co/pg5NOejQRf...
CVE-2026-39937 Global vanishing does not completely remove user email
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....
MediaWiki - CentralAuth Extension 安全漏洞
MediaWiki - CentralAuth Extension is an authentication plugin developed under open source by MediaWiki. The MediaWiki - CentralAuth Extension has a security vulnerability; this vulnerability arises from the improper removal of sensitive information during storage or transmission, which may lead t...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...
CVE-2026-28878
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps...
PT-2026-27598
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps...
CVE-2026-4229
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
PT-2026-25639
Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A flaw exists in the remove training data function within the src/vanna/legacy/google/bigquery vector.py file. Manipulation of the ID argument can lead to SQL injection. This issue can be exploit...
CVE-2026-1182 Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances...
CVE-2026-1182 Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances...
CVE-2025-29946
Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory...
CVE-2025-29946
Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory...
CVE-2025-29946
Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory...
UBUNTU-CVE-2025-29946
Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory...