CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

EUVD-2025-201845

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

PT-2025-49772

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

PT-2025-42624

Name of the Vulnerable Software and Affected Versions Squid versions prior to 7.2 Squid versions 3.x through 3.5.28 Squid versions 4.x through 4.17 Squid versions 5.x through 5.9 Squid versions 6.x through 6.14 Squid versions 7.x through 7.1 Description Squid, a caching proxy for the Web, contain...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the ComposeViewHierarchyNode object. An attacker can access unmasked sensitive data by reviewing Android session replays that include text composables. Note: This ...

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...

PT-2023-13416 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows certain types of sensitive variables to become unmasked when viewed in variable preview. Recommendations: At the moment, there is no information about a newer versio...

Information Disclosure

ansible is vulnerable to information disclosure. The attack exists when an incorrect parameter name is passed to a module having an argumentspec with sub parameters marked as nolog, causing a failure of the task. It exposes data in sub parameter fields as it leaves the data unmasked if it is run...

CVE-2019-14858

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...

CVE-2018-5559

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect...