10 matches found
EUVD-2026-27140
Nginx-UI Settings API Exposes Protected Secrets...
Nginx-UI Settings API Exposes Protected Secrets
Summary The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is...
CVE-2026-42223
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...
CVE-2026-42223 nginx-ui: Settings API Exposes Protected Secrets
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...
EUVD-2024-48468
Malicious code in bioql PyPI...
CVE-2025-59363
In One Identity OneLogin prior to 2025.3.0, the GET /api/2/apps endpoint returned OIDC client_secret values alongside app metadata, enabling disclosure of sensitive credentials. This is caused by excessive data being returned by the Apps API v2 and constitutes a breach of confidentiality for OIDC...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...
CVE-2024-7569
CVE-2024-7569 : Ivanti ITSM on-prem and Neurons for ITSM (versions 2023.4 and earlier) contain an information-disclosure flaw that allows an unauthenticated attacker to retrieve the OIDC client secret via debug information. Public sources consistently describe impact as high confidentiality risk ...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...