63 matches found
CVE-2026-61862
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
CVE-2026-61862 ImageMagick before 7.1.2-26 Information Disclosure via identify
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
EUVD-2026-44611
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
CVE-2026-59947
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-59947
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-4659
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...
CVE-2026-23303
A flaw was found in the Linux kernel's Server Message Block SMB client. When debug logging is enabled, the cifssetcifscreds function logs plaintext credentials, including usernames and passwords. This information disclosure vulnerability allows a local attacker with access to the debug logs to...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: A kernel oops occurs when the debug level is greater than 2. A null dereference or oops exception will eventually occur when the qla1280.c driver is compiled with DEBUGQLA1280 enabled and when qldebuglevel is great...
GHSA-8GGH-XWR9-3373 Ansible Community General Collection is vulnerable to exposure of sensitive information
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
DEBIAN-CVE-2025-14010
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
PT-2025-49009
Name of the Vulnerable Software and Affected Versions ansible-collection-community-general affected versions not specified Description A flaw exists in ansible-collection-community-general that can lead to information exposure of sensitive credentials, specifically plaintext passwords. This occur...
Linux Distros Unpatched Vulnerability : CVE-2025-14010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext...
EUVD-2025-31616
Malicious code in bioql PyPI...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031 Medical Informatics Engineering Enterprise Health includes session token in debug output
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health is affected by CVE-2025-35031, where the software includes the user’s current session token in debug output. This enables an attacker to impersonate the user if the token is exfiltrated (e.g., via the user sending debug output). The issue is fixed...
CVE-2025-35031 Medical Informatics Engineering Enterprise Health includes session token in debug output
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
PT-2025-39872
Name of the Vulnerable Software and Affected Versions Medical Informatics Engineering Enterprise Health affected versions not specified Description The software includes a user's current session token in debug output. An attacker could potentially convince a user to send this output to the...