9 matches found
CVE-2025-12952
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
CVE-2025-11248
ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...
CVE-2025-11248 Sensitive Information Logged
ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...
CVE-2025-11248
ZohoCorp ManageEngine Endpoint Central (versions prior to 11.4.2528.05) are affected by a sensitive information logging issue. An authenticated user with access to the logs can potentially obtain the agent token from log data. Root cause and impact are described consistently across multiple sourc...
PT-2025-43944
Name of the Vulnerable Software and Affected Versions: ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 Description: An authenticated user with access to logs may be able to obtain the sensitive agent token. The issue involves sensitive information logging. Recommendations: Upda...
Default installation of `synthetic-monitoring-agent` exposes sensitive information
Impact: Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...
PT-2023-25408 · Unknown · Insider Threat Management Server
Name of the Vulnerable Software and Affected Versions: Insider Threat Management Server versions prior to 7.14.3 Description: A missing authorization check in multiple SOAP endpoints enables an attacker on an adjacent network to read and write unauthorized objects. To exploit this, an attacker mu...
CVE-2022-46156 Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...