Lucene search
K

16 matches found

OSV
OSV
added 2026/06/16 12:37 p.m.7 views

BIT-DISCOURSE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:22 p.m.11 views

EUVD-2026-36583

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 11:25 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 8:39 a.m.7 views

BIT-AIRFLOW-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

6.5CVSS5.5AI score0.00363EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 1:15 a.m.7 views

CVE-2025-12773

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

6.5CVSS5.8AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/02/02 9:41 p.m.14 views

CVE-2025-12679

CVE-2025-12679 affects Brocade SANnav prior to 2.4.0b and 3.0.0, where during migration the Password-Based Encryption (PBE) key is logged in plaintext to the system audit logs. An attacker with local access to these logs (audit logs on the host server, visible only to privileged users) could retr...

7.1CVSS5.5AI score0.00148EPSS
Exploits0References1Affected Software1
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.19 views

Plain password is logged in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a (CVE-2025-12773)

A vulnerability in “update-reports-purge-settings.sh” script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

7.1CVSS5.9AI score0.0033EPSS
Exploits0
Snyk
Snyk
added 2025/11/05 6:45 p.m.6 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the audit log. An attacker can obtain the IP address of a project member admin who invites another user by viewing the audit log after being invited. Remediation...

3.5CVSS6.6AI score0.00181EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-1296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This...

6.5CVSS5.5AI score0.00449EPSS
Exploits0References2
OSV
OSV
added 2025/03/10 6:15 p.m.10 views

UBUNTU-CVE-2025-1296

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS5.8AI score0.00449EPSS
Exploits0References3
OSV
OSV
added 2025/03/10 6:2 p.m.7 views

CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS6.6AI score0.00449EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.5 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from the insertion of sensitive information into log files, which could result in SNMP and IMPI secrets for host and folder attributes being written to administrator-accessible audit log...

5.1CVSS6.2AI score0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.6 views

PT-2024-28468 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue allows a high-privileged attacker with access to the audit logs to read message contents due to the failure to sanitize the RemoteClusterFrame payloads...

2.7CVSS7AI score0.00337EPSS
Exploits0References3
OSV
OSV
added 2024/03/01 11:15 a.m.9 views

PYSEC-2024-42

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by...

4.7CVSS5.9AI score0.01856EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.6 views

Dependency-Track 安全漏洞

Dependency-Track is an intelligent supply chain component analysis platform for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.6.0, which stems from the fact that executing an API request with a valid API key with insufficient...

4.4CVSS5.2AI score0.00197EPSS
Exploits0References4
Elastic
Elastic
added 2022/08/24 3:42 p.m.9 views

Elastic Cloud Enterprise 3.4.0 Security Update

Elastic Cloud Enterprise Sensitive information disclosure issue ESA-2022-10 A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in th...

6.5CVSS6.2AI score0.00675EPSS
Exploits0
Rows per page
Query Builder