Lucene search
K

376 matches found

Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-58658 GPUStack Unauthenticated Information Disclosure via Worker Endpoints

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS
Exploits0References3
NVD
NVD
added 2026/07/08 3:16 p.m.7 views

CVE-2026-54652

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 2:52 p.m.33 views

CVE-2026-54652 Frigate viewer can read logs exposing admin and camera credentials

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 2:52 p.m.2 views

CVE-2026-54652 Frigate viewer can read logs exposing admin and camera credentials

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:12 a.m.6 views

CVE-2026-34044

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS5.9AI score0.00244EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 9:22 p.m.10 views

GHSA-VJC7-JRH9-9J86 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats

--- title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats product: 9Router version: = 0.4.41 severity: critical cverequest: true --- Summary Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The /api/providers endpoin...

10CVSS6.1AI score0.00521EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.9 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.6 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 1:18 p.m.14 views

CVE-2026-56457

The CVE concerns HCL DevOps Deploy / HCL Launch with a vulnerability that allows exposure of sensitive information via output logs. The description notes that an attacker with access to the logs could potentially obtain sensitive values associated with a step. The Connected CVE lists confirm the ...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-MIN-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS7AI score0.00437EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 10:34 p.m.8 views

CVE-2026-48615

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.1AI score0.00437EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39606

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.6AI score0.00437EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:34 a.m.6 views

EUVD-2026-39172

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS5.8AI score0.0013EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 9:56 p.m.16 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2026-35554)

Summary A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-33558 DESCRIPTION: Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and response...

8.7CVSS5.8AI score0.00535EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/20 7:16 p.m.13 views

CVE-2026-56346

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

6.9CVSS0.00392EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.9 views

CVE-2026-56346

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 6:27 p.m.11 views

EUVD-2026-38133

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2026/06/20 6:27 p.m.3 views

CVE-2026-56346 AVideo - Unauthenticated PGP Message Decryption via decryptMessage.json.php Endpoint

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

6.9CVSS6AI score0.00392EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy...

7.5CVSS6.7AI score0.00437EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 12:37 p.m.7 views

BIT-DISCOURSE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References2
Rows per page
Query Builder