Lucene search
+L

428 matches found

NVD
NVD
added 2 days ago10 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago15 views

CVE-2024-23567

Technical details about CVE-2024-23567 are not publicly available in the provided documents. Monitor for updates from vendor advisories or trusted sources before assessing impact or remediation.

4.3CVSS5.3AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago8 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS5.2AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-45086

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS6.1AI score0.00269EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.15 views

CVE-2026-9699

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:43 p.m.7 views

CVE-2026-9699

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS5.8AI score0.00325EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:43 p.m.30 views

CVE-2026-9699

Mattermost Plugins versions

6.8CVSS5.8AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:43 p.m.35 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 11:48 a.m.9 views

BIT-MONGODB-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/11 3:5 p.m.86 views

network-intrusion-detector

network-intrusion-detector A Python tool that analyses web se...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:17 p.m.15 views

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS0.00119EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.9 views

UBUNTU-CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.3AI score0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:40 p.m.39 views

CVE-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS0.00119EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 10:40 p.m.13 views

Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/06/09 1:13 p.m.66 views

2625

LogSentinel – Intelligent Web Log Security Analysis Platform...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/09 10:54 a.m.5 views

CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.9AI score0.00313EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/29 9:30 a.m.54 views

CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS0.00196EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:31 p.m.11 views

GHSA-HQ3P-W4XV-X7VP Keycloak: Access token disclosure and implicit flow bypass via forged client data

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...

7.1CVSS5.7AI score0.00344EPSS
Exploits0References10
Rows per page
Query Builder