CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

CVE-2026-45021

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

CVE-2026-45021

Kuma CVE-2026-45021 describes a cross-origin exposure in the default kuma-cp config where CorsAllowedDomains: "." and LocalhostIsAdmin: true enable a browser-based attacker to fetch admin credentials from the control plane. Before versions 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, a malicious...

MAL-2026-4795 Malicious code in massive (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d8dea3e47a2bd45fc796f33fc582956aec2be887add9672fd5eccc91c2135d Package self-describes as the 'Official Massive formerly Polygon.io REST and Websocket client,' a false rebrand claim — Polygon.io has not changed...

Astra Linux - уязвимость в nss

NSS has demonstrated timing differences during the execution of DSA signatures, which can be exploited and may eventually lead to the leakage of private keys. This vulnerability affects Thunderbird versions 68.9.0, Firefox versions 77, and Firefox ESR versions 68.9...

EUVD-2025-209890

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

PT-2026-41827

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

GHSA-5JJF-WCVF-923W Langflow has an Information Leak through Incomplete API Key Redaction

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)

The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability. A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm...

CVE-2026-34076

The CVE-2026-34076 issue is a SSRF in Clerk JavaScript’s opt-in clerkFrontendApiProxy feature. Affected packages and fix versions are: @clerk/backend (3.0.0–3.2.2; fixed in 3.2.3), @clerk/express (2.0.0–2.0.6; fixed in 2.0.7), @clerk/hono (0.1.0–0.1.4; fixed in 0.1.5), and @clerk/fastify (3.1.0–3...

PT-2026-29315

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...

CVE-2026-25146

OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are at least two paths where the gatewayapikey secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : wlc vulnerabilities (USN-7981-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7981-1 advisory. It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this iss...

CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

CVE-2025-59137

creationtimestamp| type| source ---|---|--- 2026-01-20 20:33:52+00:00| seen| Telegram/keysXW7hEKYIw15QdawfQpLvMANk1Gh5H-G6lI8-hSBN1c...

MiracleLinux 3 : libgcrypt-1.4.4-7.AXS3 (AXSA:2013-678:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-678:01 advisory. Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version. Security issues fixed with this...

Exposure of Data Element to Wrong Session

Overview skypilot is a SkyPilot: Run AI on Any Infra — Unified, Faster, Cheaper. Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the form of allowing users to see the pending jobs belonging to other users, under some conditions, and leaking keys in...

CVE-2025-53743

The CVE-2025-53743 entry affects Jenkins Applitools Eyes Plugin (versions 1.16.5 and earlier). The underlying issue is that Applitools API keys are displayed on the job configuration form and are not masked, enabling potential observation or capture by users with access. Publicly detailed referen...

AstrBot Has Path Traversal Vulnerability in /api/chat/get_file

Impact This vulnerability may lead to: Information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. Reproduce Follow these steps to set up a test environment for reproducing the vulnerability: 1. Install dependencies and clone the repository: bash pip...