Lucene search

25 matches found

Positive Technologies
added 2026/06/01 12:00 a.m. · 15 views

PT-2026-45375

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.2. Description: The Log server authorizes JWT tokens against Dag IDs by applying the str.lstrip function to the requested path segment when verifying the sub claim. Because str.lstrip removes any character fr...

CVSS 3.1 · AI score 5.8 · EPSS 0.00344
Exploits 0 · References 8
Github Security Blog
added 2026/05/14 4:33 p.m. · 8 views

Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary: Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

CVSS 7.7 · AI score 5.8 · EPSS 0.00316
Exploits 1 · References 6 · Affected Software 1
OSV
added 2026/05/14 4:33 p.m. · 3 views

GHSA-JVP4-Q659-95MJ Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary: Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

CVSS 7.7 · AI score 5.8 · EPSS 0.00316
Exploits 1 · References 6
Cvelist
added 2026/05/01 12:00 a.m. · 33 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

CVSS 5.3 · EPSS 0.00286
Exploits 1 · References 2
Github Security Blog
added 2026/03/05 7:50 p.m. · 6 views

Gogs: Access tokens get exposed through URL params in API requests

Summary: The Gogs API still accepts tokens in URL parameters such as token and accesstoken, which can leak through logs, browser history, and referrers. Details: A static review shows that the API still checks tokens in the URL query before looking at headers: - internal/context/auth.go reads...

CVSS 6.9 · AI score 5.9 · EPSS 0.00254
Exploits 0 · References 6 · Affected Software 1
OSV
added 2026/03/04 4:16 p.m. · 4 views

CVE-2025-62879

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs...

CVSS 4.9 · AI score 5.7 · EPSS 0.0034
Exploits 0 · References 2
Positive Technologies
added 2026/02/18 12:00 a.m. · 9 views

PT-2026-20791

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: The application logs Telegram bot tokens without redaction when they appear in error messages or stack traces, such as in request URLs including https://api.telegram.org/bot/.... This can lead t...

CVSS 6.9 · AI score 5.5 · EPSS 0.00142
Exploits 0 · References 9
RedhatCVE
added 2026/02/04 3:15 a.m. · 5 views

CVE-2025-12679

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption PBE key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered duri...

CVSS 7.1 · AI score 8.4 · EPSS 0.00148
Exploits 0 · References 1
Cvelist
added 2026/01/15 1:14 p.m. · 21 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

CVSS 5.3 · EPSS 0.00478
Exploits 0 · References 6
EUVD
added 2025/11/25 11:33 p.m. · 7 views

EUVD-2025-199666

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

CVSS 8.8 · AI score 6.5 · EPSS 0.00229
Exploits 0 · References 2
Cvelist
added 2025/11/25 11:33 p.m. · 13 views

CVE-2025-65957 Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

CVSS 8.8 · EPSS 0.00229
Exploits 0 · References 2
Tenable Nessus
added 2025/09/29 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information...

CVSS 5.3 · AI score 6.7 · EPSS 0.00357
Exploits 0 · References 4
Tenable Nessus
added 2025/09/10 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-52893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 m...

CVSS 6.5 · AI score 6.2 · EPSS 0.00335
Exploits 0 · References 2
Cvelist
added 2025/08/15 5:10 p.m. · 50 views

CVE-2025-55285 @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template`

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If $ secrets.x is not passed...

CVSS 2.6 · EPSS 0.0021
Exploits 0 · References 2
Tenable Nessus
added 2025/08/08 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-4237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output...

CVSS 7.8 · AI score 7.1 · EPSS 0.00239
Exploits 0 · References 2
Positive Technologies
added 2024/06/26 12:00 a.m. · 8 views

PT-2024-22598 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p7 Checkmk versions prior to 2.2.0p28 Checkmk versions prior to 2.1.0p45 Checkmk versions prior to or equal to 2.0.0p39 Description: The issue allows sensitive information to be inserted into log files, causing...

CVSS 2.7 · AI score 6.8 · EPSS 0.00337
Exploits 0 · References 6
CNNVD
added 2023/12/19 12:00 a.m. · 3 views

Backstage Information Disclosure Vulnerability

Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage that stems from the GitlabDiscoveryEntityProvider leaking gitlab integration tokens in logs when tokens with newlines are supplied...

CVSS 5.7 · AI score 6.8 · EPSS 0.00561
Exploits 0 · References 3
CNNVD
added 2023/10/26 12:00 a.m. · 5 views

Elasticsearch Log Information Disclosure Vulnerability

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from the fact that sensitive information and credentials are not filtered out when requests to Elasticsearch use certain deprecated API URIs. This could result in sensitive...

CVSS 4.4 · AI score 6.5 · EPSS 0.00228
Exploits 0 · References 4
CNNVD
added 2022/12/01 12:00 a.m. · 3 views

GitLab CE/EE Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE, which stems from the leakage o...

CVSS 6.4 · AI score 6.4 · EPSS 0.00719
Exploits 1 · References 6
OSV
added 2022/08/29 3:15 p.m. · 2 views

DEBIAN-CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

CVSS 4.9 · AI score 5 · EPSS 0.01335
Exploits 1 · References 1