14 matches found
GuardDog 安全漏洞
GuardDog is an open-source CLI tool developed by GuardDog, which allows for the identification of malicious PyPI packages. Versions 2.6.0 to 2.9.0 of GuardDog contain security vulnerabilities. These vulnerabilities stem from the default human-readable output, which includes filenames, file...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2025-14010 Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
Linux Distros Unpatched Vulnerability : CVE-2025-14010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext...
CVE-2025-65965
Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json= option, the registr...
Linux Distros Unpatched Vulnerability : CVE-2020-15095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/. The...
CVE-2025-2181
A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output...
CVE-2025-2181
A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output...
PT-2025-33021
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Checkov by Prisma® Cloud affected versions not specified Description: A sensitive information disclosure issue exists in Palo Alto Networks Checkov by Prisma® Cloud. This can lead to the cleartext exposure of Prisma Cloud...
CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...
SUSE CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
zhmc-ansible-modules 安全漏洞
zhmc-ansible-modules is an Ansible collection for IBM Z HMC open sourced by zhmcclient. A security vulnerability exists in zhmc-ansible-modules, which stems from the fact that under certain circumstances, ibm.ibmzhmc writes password-like attributes in plaintext to its log files and to the output...
PT-2024-4304 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue is related to insufficient protection of registration data, which could allow a remote attacker to gain unauthorized access to protected information. ...
Juniper Networks Junos OS Evolved Log Message Disclosure Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system designed for use with Juniper Networks hardware devices. The operating system provides a secure programming interface and the Junos SDK.Junos OS Evolved is an upgraded version of Junos OS. A log information disclosure...