412 matches found
[SECURITY] Fedora 40 Update: valkey-8.0.3-1.fc40
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
[SECURITY] Fedora 40 Update: redis-7.2.8-1.fc40
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure when validating malformed payloads in the Validate function used by the KV v2 plugin. If payloads containing secrets are sent in creation or update requests to the REST API and caught by the validator, their content...
CVE-2025-4166
CVE-2025-4166 affects Vault Community and Vault Enterprise KV v2 plugin. When handling malformed payloads during secret create/update via the Vault REST API, servers/audit logs may leak sensitive information due to error message content. The issue is fixed in Vault Community 1.19.3 and Vault Ente...
CVE-2025-4166
Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...
Vault May Expose Sensitive Information in Error Logs When Processing Malformed Data With the KV v2 Plugin
Summary Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as...
PT-2025-18795 · Hashicorp +1 · Vault Community +3
Name of the Vulnerable Software and Affected Versions: Vault Community versions prior to 1.19.3 Vault Enterprise versions prior to 1.19.3, 1.18.9, 1.17.16, 1.16.20 Description: The Key/Value kv Version 2 plugin in Vault Community and Vault Enterprise may unintentionally expose sensitive informati...
CachePrune: Neural-Based Attribution Defense against Indirect Prompt Injection Attacks
Large Language Models LLMs are identified as being susceptible to indirect prompt injection attack, where the model undesirably deviates from user-provided instructions by executing tasks injected in the prompt context. This vulnerability stems from LLMs' inability to distinguish between data and...
CVE-2025-29045
Buffer Overflow vulnerability in ALFACAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newaptext0 key value...
Routing in Spin Apps with Hono
Learn how to use Hono to build full-fledged HTTP APIs with Spin and TypeScript, including middleware, route parameters, and key-value store integration...
[SECURITY] Fedora 41 Update: rust-litemap-0.7.3-5.fc41
A key-value Map implementation based on a flat, sorted Vec...
[SECURITY] Fedora 40 Update: rust-litemap-0.7.3-5.fc40
A key-value Map implementation based on a flat, sorted Vec...
[SECURITY] Fedora 42 Update: rust-litemap-0.7.3-5.fc42
A key-value Map implementation based on a flat, sorted Vec...
CVE-2025-29045
Buffer Overflow vulnerability in ALFACAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newaptext0 key value...
CVE-2025-29042
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c...
CVE-2025-29045
Buffer Overflow vulnerability in ALFACAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newaptext0 key value...
CVE-2025-29042
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c...
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in access control. This vulnerability allows an attacker to gain read, modify, or delete access to data stored in the KV Store (Key Value Store).
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read,...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform The vulnerabilities allow low-privileged users to abuse higher user privileges, which can lead to unauthorized actions and access to sensitive information. This can occur through phishing attacks and Cross-Site Request...
CVE-2025-20230 Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...