Lucene search
K

28 matches found

NVD
NVD
added yesterday5 views

CVE-2026-12085

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

6.5CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-40391

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

6.5CVSS5.7AI score
Exploits0References1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-12085 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

6.5CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-12085

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

6.5CVSS5.7AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:55 p.m.7 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability (CVE-2026-12085)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. CVE-2026-12085. Vulnerability Details CVEID:CVE-2026-12085 DESCRIPTION: IBM DevOps Deploy coul...

6.5CVSS5.7AI score
Exploits0Affected Software1
OSV
OSV
added 2026/03/16 3:30 p.m.4 views

GHSA-4PPJ-6CHV-5PGC Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS5.8AI score0.0018EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 3:29 p.m.2 views

CVE-2026-26366

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...

9.8CVSS5.5AI score0.00652EPSS
Exploits2References3
NVD
NVD
added 2025/12/24 8:15 p.m.5 views

CVE-2018-25137

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

8.7CVSS0.00434EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/30 9:45 a.m.8 views

CVE-2025-54471 NeuVector is shipping cryptographic material into its binary

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

6.5CVSS0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/21 8:26 p.m.1 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/kv to versi...

7.1CVSS6.9AI score0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/21 8:26 p.m.3 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/rest to...

7.1CVSS6.9AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-6666

Malware in sbrugna...

7.8CVSS6.4AI score0.02261EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-2699

Malware in sbrugna...

9.8CVSS9.5AI score0.01225EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-32346

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6275

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00584EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/11 12:0 a.m.2 views

YugabyteDB 安全漏洞

YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from a diagnostic information collection that may contain sensitive configurations...

7CVSS7.1AI score0.00318EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:33 p.m.6 views

CVE-2021-34751

A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This...

4.3CVSS6.4AI score0.00271EPSS
Exploits0
OSV
OSV
added 2025/01/09 2:15 p.m.4 views

CVE-2024-43176

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users...

5.4CVSS5.4AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.4 views

PT-2024-31241 · Mgt Commerce Gmbh · Cloudpanel

Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE GmbH CloudPanel versions 2.0.0 through 2.4.2 Description: An Improper Authorization Access Control Misconfiguration issue allows low-privilege users to bypass access controls, gaining unauthorized access to sensitive configuratio...

6.5CVSS7.5AI score0.00652EPSS
Exploits1References9
NVD
NVD
added 2024/10/03 6:15 p.m.12 views

CVE-2024-47762

Backstage is an open framework for building developer portals. Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema...

5.8CVSS0.00365EPSS
Exploits0References2
Rows per page
Query Builder