5 matches found
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918
The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...
CVE-2025-27152
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...
CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...
CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...