23 matches found
GHSA-4PPJ-6CHV-5PGC Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values
Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...
CVE-2026-26366
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...
CVE-2018-25137
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...
CVE-2025-54471 NeuVector is shipping cryptographic material into its binary
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...
Use of Hard-coded Cryptographic Key
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation: Upgrade github.com/neuvector/neuvector/controller/rest to...
Use of Hard-coded Cryptographic Key
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation: Upgrade github.com/neuvector/neuvector/controller/kv to versi...
EUVD-2008-6666
Malware in sbrugna...
EUVD-2018-2699
Malware in sbrugna...
EUVD-2022-6275
Malicious code in bioql PyPI...
EUVD-2024-32346
Malicious code in bioql PyPI...
YugabyteDB Security Vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from a diagnostic information collection that may contain sensitive configurations...
CVE-2021-34751
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This...
CVE-2024-43176
IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users...
PT-2024-31241 · Mgt Commerce Gmbh · Cloudpanel
Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE GmbH CloudPanel versions 2.0.0 through 2.4.2 Description: An Improper Authorization Access Control Misconfiguration issue allows low-privilege users to bypass access controls, gaining unauthorized access to sensitive configuratio...
CVE-2024-47762
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_ environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema...
CVE-2024-28098
A flaw was found in Apache Pulsar. This issue allows a non-tenant user to modify permissions for sensitive configurations, impacting data integrity and confidentiality. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...
Apache Airflow Information Disclosure Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow versions 2.4.0 to 2.7.0 have an information leakage vulnerability, the...
CVE-2022-37909
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers...
DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure
Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: CVE-2017-11165 Vendor: ===============...
DataTaker DT80 dEX 1.50.012 - Information Disclosure
Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: CVE-2017-11165 Vendor: ===============...