9323 matches found
MAL-2026-6862 Malicious code in pino-pretty-logs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pino-pretty-logs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...
CVE-2026-44934 Exposed tokens in SUSE Rancher AI Agent logs
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...
nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...
PT-2026-56008
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.469 Description An authenticated remote command injection issue exists in the application deployment handling. Users with application write permissions can achieve remote code execution and exfiltrate...
PT-2026-56081
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...
CVE-2026-12557
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...
EUVD-2026-41484
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...
CVE-2026-12557
CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...
EUVD-2026-41465
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...
CVE-2026-55726
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...
PT-2026-55494
Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...
CVE-2026-55726
CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....
CVE-2026-55726
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...
CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...
CVE-2026-8147
In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...
OPENSUSE-SU-2026:21208-1 Security update for cockpit
This update for cockpit fixes the following issue - CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI bsc1265040...
Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...