CVE-2026-7312

creationtimestamp| type| source ---|---|--- 2026-06-02 18:01:35+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mnd6h2hiip2w 2026-06-03 02:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndz7plsio22...

CVE-2026-35383

Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete...

Bentley Systems iTwin Platform 安全漏洞

Bentley Systems iTwin Platform is a digital twin cloud platform developed by Bentley Systems. It supports infrastructure data modeling and full-lifecycle management. There is a security vulnerability in Bentley Systems iTwin Platform, which stems from exposed access tokens in the web page source...

CVE-2009-4535

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / slash character to the URI...

CVE-2019-11403

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page...

CVE-2021-47721

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...

UBUNTU-CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

CVE-2025-65000

CVE-2025-65000 affects Checkmk (Linux Remote alert handlers rule). SSH private keys were exposed in the HTML source of the rule page for Checkmk 2.3.0 and all versions up to 2.4.0p18, potentially allowing unauthorized triggering of predefined alert handlers on affected hosts. The Red Hat, NVD, Ub...

EUVD-2021-27275

Malware in sbrugna...

EUVD-2019-3080

Malware in sbrugna...

EUVD-2017-16773

Malware in sbrugna...

EC-WEB FS-EZViewer 信息泄露漏洞

EC-WEB FS-EZViewer is an online document viewing application. An information disclosure vulnerability exists in EC-WEB FS-EZViewer version 10.4.0.X and prior versions, which stems from the presence of a sensitive information disclosure vulnerability. An attacker can obtain database configuration...

BIT-EJBCA-2021-40086

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...

CVE-2024-1769 JM Twitter Cards <= 14 - Information Exposure via Meta Description

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 14 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...

CVE-2023-49261

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

TSplus Security Vulnerabilities

TSplus is a remote access software software from TSplus. A security vulnerability exists in TSplus Remote Work version 16.0.0.0, which originates from a plaintext password placed on the var pass of the HTML source code of the secure single sign-on web portal...

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

Logic flaw vulnerability in LiveGBS of Anhui Green Persimmon Information Technology Co., Ltd (CNVD-2023-72138)

LiveGBS is a national standard GB28181 streaming media service software , can provide to provide user management and Web visualization page management , open source front-end page source code ; to provide device status management , you can real-time view of whether the device is offline and other...

CVE-2023-3709

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...

SUSE CVE-2022-23711

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance...