Lucene search
K

323 matches found

Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59222 Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS0.00265EPSS
Exploits1References3
CVE
CVE
added 6 days ago11 views

CVE-2026-59222

Open WebUI is a self-hosted AI platform. CVE-2026-59222 affects versions from 0.7.0 up to, but not including, 0.10.0. The vulnerability arises when GET /api/v1/channels/{id}/members returns full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook con...

6.5CVSS5.9AI score0.00265EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/29 4:7 p.m.26 views

CVE-2026-13750

Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/06 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-8405

IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...

6.5CVSS5.4AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-8598

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

9.1CVSS5.5AI score0.00507EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 10:23 a.m.10 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the apikey field in gateway secrets, which accepts environment variable references that are resolved against server-side credentials. An attacker can obtain sensitive environment...

9.1CVSS7.7AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/01 8:16 a.m.13 views

Insertion of Sensitive Information Into Sent Data

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the /api/v2/connections/connectionid REST API...

6.5CVSS6AI score0.0041EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/28 6:25 p.m.12 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level to /var/log/calico/cni/cni.log during each CNI ADD and DEL invocation. An attacker can obtain sensitive...

7.7CVSS5.8AI score0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 1:20 p.m.13 views

EUVD-2026-32501

IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 1:20 p.m.20 views

CVE-2026-8405

The vulnerability CVE-2026-8405 affects IBM Guardium Data Protection (Guardium Data Protection add-on) with the Long Term Retention (LTR) feature, where sensitive credentials can be exposed in debug mode. Affected versions are 12.2.1 and 12.2.2; the issue is described as CWE-200 (Exposure of Sens...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/27 12:38 a.m.18 views

Insufficiently Protected Credentials

Overview @hapi/wreck is a HTTP Client Utilities library. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to leaking the sensitive Proxy-Authorization header across cross-hostname redirects. An attacker can obtain sensitive proxy credentials by inducing...

6.3CVSS5.8AI score0.00054EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43434

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A server-side request forgery SSRF issue exists where an unauthenticated attacker can send crafted requests to internal services due to insufficient input validation in an upload...

9.2CVSS5.8AI score0.06552EPSS
Exploits0References19
NVD
NVD
added 2026/05/15 5:16 p.m.34 views

CVE-2026-41181

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

6.9CVSS0.00445EPSS
Exploits1References4
Veracode
Veracode
added 2026/05/12 2:37 p.m.17 views

Information Exposure

follow-redirects is vulnerable to Information Exposure. The vulnerability is due to improper filtering of custom authentication headers during cross-domain redirects, which allows an attacker to obtain sensitive credentials forwarded to unintended domains...

7.5CVSS5.8AI score0.00486EPSS
Exploits0References40Affected Software1
Cvelist
Cvelist
added 2026/04/23 7:11 p.m.36 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS0.00346EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a credential exposure vulnerability in the media download function. This function forwards Authorizatio...

6CVSS5.8AI score0.00296EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

Juju 安全漏洞

Juju is a open-source application orchestration engine developed by Canonical Juju. Vulnerabilities existed in versions prior to Juju 2.9.57 and 3.6.21. These vulnerabilities were due to authorization issues, which could allow low-privilege users to access sensitive credentials...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.10 views

ZTE ZXHN H188A 安全漏洞

The ZTE ZXHN H188A is a home gateway router device produced by ZTE Corporation. Both the ZTE ZXHN H188A V6.0.10P2TE version and the V6.0.10P3N3TE version contain security vulnerabilities. These vulnerabilities stem from unvalidated wizard interfaces, which may allow local network attackers to...

7.1CVSS5.8AI score0.08943EPSS
Exploits3References3
Rows per page
Query Builder