18 matches found
Directus Security Vulnerability
Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.17.0 contained a security vulnerability. This vulnerability stemmed from inconsistent calls to the prepareDelta cleanup pipeline in...
CVE-2026-20138
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...
CVE-2020-37093
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcoreget.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in...
EUVD-2018-12347
Malware in sbrugna...
EUVD-2021-9352
Malicious code in bioql PyPI...
EUVD-2022-4884
Malicious code in bioql PyPI...
CVE-2025-48493
The vulnerability CVE-2025-48493 affects the Yii 2 Redis extension (yii2-redis) used with Yii Framework 2.0. Prior to version 2.0.20, AUTH credentials are logged in plain text when a connection fails, exposing usernames and passwords to anyone with access to the logs. The issue is mitigated by up...
CVE-2025-48493 Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
The Yii 2 Redis extension provides Redis key-value store support for the Yii framework 2.0. On a failed connection, the extension writes the command sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text, exposing the username and password. That might be an issue if...
CVE-2022-34801
Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2020-17511
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2025:3636)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:3636 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
Unspecified Vulnerability in coolLabs Coolify
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. An unspecified vulnerability exists in coolLabs Coolify that originates from an authenticated user retrieving any existing private key on an instance in plain text. No detailed vulnerability details are provided at th...
CVE-2024-52523
Nextcloud Server is a self-hosted personal cloud system. After setting up a user- or administrator-defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing them to be read in plain text when an attacker already has access to an active sessi...
Red Hat Ansible Log Information Disclosure Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat USA. The product can be used to distribute, manage, and orchestrate computer systems. Red Hat Ansible suffers from a log information disclosure vulnerability that originates when sensitive information stored in an Ansible Vau...
Command injection
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
The vulnerability of the Data Exchange Layer Platform, a messaging application between applications, and the Threat Intelligence Exchange Server, related to the lack of protection for operational data, allows access to confidential information.
The vulnerability of the Data Exchange Layer Platform, a messaging application between applications, and the Threat Intelligence Exchange Server, a threat protection system, is related to the lack of protection for operational data. Exploiting this vulnerability can allow attackers to gain access...
BSA-2017-441
Security Advisory ID: BSA-2017-441. Component: Samba. Revision: 2.0: Interim. It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Affected Products...
Novell GroupWise Plain Text Password Vulnerability.
Novell GroupWise Plain Text Password Vulnerability. Overview: A vulnerability exists in the Novell GroupWise Client that will allow an attacker to identify the id and password of the user's GroupWise email...