30 matches found
CVE-2026-58658
Summary. CVE-2026-58658 affects GPUStack up to version 2.2.1 and was fixed by commit 4e20551. An unauthenticated attacker can abuse unprotected /serveLogs and /debug endpoints on the worker port to disclose sensitive information and configure logs. Specifically, attackers can enumerate model inst...
CVE-2026-34167 Coolify: Cross-tenant activity log disclosure via unlocked Livewire property in ActivityMonitor
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...
CVE-2026-45793
Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs...
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary Composer leaks the full contents of tokens configured as GitHub OAuth tokens if they do not match Composer's expected format for such tokens to stderr. GitHub has introduced a new format for GitHub Actions GITHUBTOKEN values. These tokens are validated in the same way by Composer on GitHu...
CVE-2026-31987 Apache Airflow: JWT token appearing in logs
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...
EUVD-2026-9797
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs...
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled
Summary Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can: - Stream real-time application logs information disclosure. - Gain insight into internal file...
CVE-2025-9821 SSRF via webhook function
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal...
PT-2025-27769 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0 Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access Cross project access of Security policy bot Advanced search ReDOS in highlight for code results Denial of Service via banzai pipeline Denial of service using adoc files ReDoS in RefMatcher when matching...
Elastic Kibana Log Information Disclosure Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A log message disclosure vulnerability exists in Elastic Kibana versions 8.0.0 through 8.11.1, which...
CVE-2023-2878
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
ArgoCD 日志信息泄露漏洞
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
PT-2022-6365 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.0.0.x through 9.4.0.x Description: The issue is related to the cleartext storage of sensitive information in the S3 component, potentially leading to information disclosure. An authenticated local attacker cou...
The vulnerability of the Slack Morphism library for Scala, related to the disclosure of debugging logs in applications, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Slack Morphism library for Scala is related to the disclosure of information in application debugging logs. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2022-39848
Exposure of sensitive information in ATDistributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log...
CVE-2022-2369 YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin...
CVE-2022-33693
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log...
YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
The plugin does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...
YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
The plugin does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin PoC @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv1 headers =...