20 matches found

RedhatCVE
added 4 days ago · 6 views

CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug, sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2026/05/28 6:35 p.m. · 3 views

CVE-2026-45040 RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode]

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug, sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits: 0 · References: 1
CVE
added 2026/05/28 6:35 p.m. · 11 views

CVE-2026-45040

RustFS (Rust-based distributed object storage) prior to version 1.0.0-beta.2 leaks sensitive credentials in logs when RUST_LOG=debug, including SessionToken (JWT), SecretAccessKey, and full JWT claims. The issue’s impact is information disclosure in server logs. Mitigation is upgrading to 1.0.0-b...

5.3 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits: 0 · References: 1
EUVD
added 2026/05/28 6:35 p.m. · 9 views

EUVD-2026-32997

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug, sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/28 12:0 a.m. · 8 views

PT-2026-44468

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug, sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits: 0 · References: 2
CVE
added 2026/03/16 5:2 a.m. · 12 views

CVE-2026-4217

CVE-2026-4217 affects XREAL Nebula App up to version 3.2.1 on Android. The vulnerability resides in ai.nreal.nebula.universal’s CloudStoragePlugin.java (ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java) where manipulation of accessKey/secretAccessKey/securityToken can lead to unprotected sto...

2.5 CVSS · 5 AI score · 0.00016 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2026/01/09 12:40 p.m. · 2 views

CVE-2023-43784

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...

7.5 CVSS · 6.9 AI score · 0.00152 EPSS
Exploits: 0 · References: 1
Snyk
added 2025/03/01 6:33 a.m. · 2 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in shell history. Remediation: Upgrade com.kuzudb:kuzu to version 0.8.2 or higher. References: GitHub Commit ...

5.1 CVSS · 6.7 AI score
Exploits: 0 · References: 3
Snyk
added 2025/03/01 6:33 a.m. · 2 views

Insertion of Sensitive Information into Log File

Overview: kuzu is an in-process property graph database management system built for query speed and scalability. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in...

5.1 CVSS · 6.7 AI score
Exploits: 0 · References: 3
Hacker One
added 2024/12/26 3:35 p.m. · 4 views

U.S. Dept Of Defense: Secret Access Key of AWS Firehose Disclosure

The domain had an endpoint that contained the secret access key of an AWS Firehose delivery stream encoded in base64. The secret access key was disclosed, allowing the record to be put into the Firehose delivery stream...

6.9 AI score
Exploits: 0
NVD
added 2023/12/26 8:15 a.m. · 9 views

CVE-2023-50294

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

6.5 CVSS · 0.0046 EPSS
Exploits: 0 · References: 2
OSV
added 2023/12/26 8:15 a.m. · 16 views

CVE-2023-50294

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

6.5 CVSS · 6.3 AI score
Exploits: 0 · References: 2
Prion
added 2023/12/26 8:15 a.m. · 13 views

Code injection

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

4 CVSS · 6.6 AI score · 0.0046 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/12/26 7:21 a.m. · 12 views

CVE-2023-50294

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

6.4 AI score · 0.0046 EPSS
Exploits: 0 · References: 2
CNNVD
added 2023/09/22 12:0 a.m. · 3 views

Plesk Onyx Security Vulnerability

Plesk Onyx is a hosting control panel from Plesk Switzerland. A security vulnerability exists in Plesk Onyx version 17.8.11 that stems from a security issue with the accessKeyId and SecretAccessKey fields associated with the Amazon AWS Firehose component...

7.5 CVSS · 6.7 AI score · 0.00152 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/09/21 12:0 a.m. · 1 views

PT-2023-28982 · Plesk +1 · Plesk Onyx +1

Name of the Vulnerable Software and Affected Versions: Plesk Onyx version 17.8.11. Description: The issue is related to the presence of accessKeyId and secretAccessKey fields in the Amazon AWS Firehose component. However, the vendor's position is that there is no security threat. Recommendations:...

7.5 CVSS · 7 AI score · 0.00152 EPSS
Exploits: 0 · References: 6
CNNVD
added 2022/10/19 12:0 a.m. · 2 views

Jenkins S3 Explorer Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

5.3 CVSS · 5.8 AI score · 0.00589 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2022/10/19 12:0 a.m. · 2 views

PT-2022-26910 · Jenkins · Jenkins S3 Explorer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins S3 Explorer Plugin versions 1.0.8 and earlier. Description: The issue concerns the Jenkins S3 Explorer Plugin, where the AWS SECRET ACCESS KEY form field is not masked, increasing the potential for attackers to observe and capture it...

5.3 CVSS · 4.9 AI score · 0.00589 EPSS
Exploits: 0 · References: 7
Metasploit
added 2019/06/20 8:8 p.m. · 21 views

Amazon Web Services IAM credential enumeration

Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all IAM credentials associated with the account. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'aws-sdk-iam...

7 AI score
Exploits: 0
Information Security Automation
added 2017/10/31 9:29 p.m. · 73 views

Starting/stopping Amazon EC2 instances using CLI and Python SDK

It's a very good practice to scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on Amazon EC2 can be a good and cost-effective option, especially if you start instances with vulnerability scanne...

7.1 AI score
Exploits: 0