Lucene search
K

12 matches found

NVD
NVD
added 2026/06/02 11:16 p.m.16 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS0.00276EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/05 7:33 p.m.9 views

Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-36923

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.8 Description The GetSettings API handler in the api/settings/settings.go file serializes all settings structs to JSON and returns them to authenticated users. While many sensitive fields are marked as protected,...

6.8CVSS5.8AI score0.00295EPSS
Exploits1References12
OSV
OSV
added 2026/02/19 11:57 p.m.9 views

CVE-2026-26964 Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

2.7CVSS5.5AI score0.00274EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20970

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET /api/w/workspace/workspaces/get...

2.7CVSS5.5AI score0.00274EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-7328

Malware in sbrugna...

9.8CVSS9.4AI score0.00884EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.8 views

CVE-2025-59405

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompil...

7.5CVSS6.9AI score0.0044EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-32196

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0044EPSS
Exploits1References5
OSV
OSV
added 2025/10/02 5:16 p.m.5 views

CVE-2025-59405

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompil...

7.5CVSS5.8AI score0.0044EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/02 12:0 a.m.8 views

CVE-2025-59405

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompil...

0.0044EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/11/06 2:54 p.m.20 views

CVE-2024-6861 Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API...

7.5CVSS0.00658EPSS
Exploits0References5
OSV
OSV
added 2022/09/29 3:15 a.m.4 views

CVE-2020-15331

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTHSECRETKEY in /opt/axess/etc/default/axess...

9.8CVSS5.8AI score0.00884EPSS
Exploits1References2
Rows per page
Query Builder