Lucene search
+L

422 matches found

redhat
redhat
added 2026/04/10 2:24 p.m.4 views

crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional...

5.3CVSS6.2AI score0.00443EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/04/01 12:0 a.m.13 views

PT-2026-29832

Name of the Vulnerable Software and Affected Versions: Nhost versions prior to 0.48.0 Description: Nhost's auth service OAuth provider callback flow includes the refresh token directly in the redirect URL as a query parameter. This can lead to exposure of the refresh token in browser history,...

7.5CVSS5.9AI score0.00267EPSS
Exploits1References7
vulnrichment
vulnrichment
added 2026/03/26 8:40 p.m.5 views

CVE-2026-33620 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3CVSS5.9AI score0.00273EPSS
Exploits1References2
osv
osv
added 2026/03/26 8:33 p.m.8 views

GO-2026-4822 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab

PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab...

4.3CVSS5.8AI score0.00273EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/03/26 3:13 p.m.5 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/19 12:0 a.m.18 views

PT-2026-51176

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 25.1 Description An authentication bypass exists in the 'decryptMessage.json.php' endpoint, allowing unauthenticated users to decrypt PGP Pretty Good Privacy messages. Remote attackers can provide private keys,...

6.9CVSS6.2AI score0.00392EPSS
Exploits0References13
euvd
euvd
added 2026/03/10 9:32 p.m.8 views

EUVD-2025-208510

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2
euvd
euvd
added 2026/03/10 9:32 p.m.6 views

EUVD-2025-208511

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2
osv
osv
added 2026/03/10 8:16 p.m.6 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/10 8:8 p.m.30 views

CVE-2025-13219 Multiple vulnerabilities in IBM Aspera Orchestrator

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS0.00334EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/10 8:8 p.m.5 views

CVE-2025-13219 Multiple vulnerabilities in IBM Aspera Orchestrator

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/10 8:8 p.m.6 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/03/10 8:8 p.m.15 views

CVE-2025-13219

CVE-2025-13219 affects IBM Aspera Orchestrator versions 3.0.0–4.1.2. The vulnerability stems from storing sensitive data in URL parameters, potentially exposing confidential information via server logs, referrer headers, or browser history. The Red Hat/IBM advisories and IBM security bulletin con...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/03/10 12:0 a.m.9 views

PT-2026-24405

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2
osv
osv
added 2026/02/26 10:33 p.m.8 views

GHSA-62CR-6WP5-Q43H Copyparty vulnerable to reflected XSS via setck parameter

Summary An XSS allows for reflected cross-site scripting via URL-parameter ?setck=... Details A reflected cross-site scripting XSS vulnerability could allow an attacker to execute malicious javascript by tricking users into accessing a malicious link. The worst-case outcome of this is being able ...

5.4CVSS5.4AI score0.00163EPSS
Exploits0References5
github
github
added 2026/02/26 10:33 p.m.11 views

Copyparty vulnerable to reflected XSS via setck parameter

Summary An XSS allows for reflected cross-site scripting via URL-parameter ?setck=... Details A reflected cross-site scripting XSS vulnerability could allow an attacker to execute malicious javascript by tricking users into accessing a malicious link. The worst-case outcome of this is being able ...

6.1CVSS5.3AI score0.00163EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2026/01/20 8:22 p.m.6 views

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

9.1CVSS5.5AI score0.00403EPSS
Exploits1References1
nvd
nvd
added 2026/01/19 8:15 p.m.9 views

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

9.1CVSS0.00403EPSS
Exploits1References2
cve
cve
added 2026/01/19 7:42 p.m.18 views

CVE-2026-23846

CVE-2026-23846 — Tugtainer password exposure : Tugtainer (self-hosted Docker updater) before version 1.16.1 transmits passwords via URL query parameters instead of the HTTP request body. This enables passwords to be logged in server access logs and potentially exposed through browser history, Ref...

9.1CVSS5.5AI score0.00403EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/01/19 7:42 p.m.23 views

CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

8.1CVSS0.00403EPSS
Exploits1References2
Rows per page
Query Builder