46 matches found
CVE-2026-46458 Credential exposure in ICU Scandinavia Boomerang
ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This...
EUVD-2026-44666
ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This...
CVE-2026-48206
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...
CVE-2026-25193
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
EUVD-2026-31636
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
CVE-2026-25193
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
CVE-2026-7325
Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...
EUVD-2026-31462
Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...
CVE-2026-4250
CVE-2026-4250 affects Albert Health Android app up to 1.7.3. The vulnerability lies in an unknown function within resources/assets/service-account.json of the Google Cloud Service Account Key Handler, leading to unprotected storage of credentials. Exploitation requires local access and is describ...
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall NGFW appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials...
GHSA-2V6M-6XW3-6467 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...
CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...
CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...
PT-2026-22117
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...
EUVD-2020-29085
Malware in sbrugna...
EUVD-2020-12768
Malware in sbrugna...
EUVD-2024-39401
Malicious code in bioql PyPI...
GO-2025-3645 Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes
Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes...
CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed...
YAQL: OpenStack Murano Component Information Leakage
A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...