23 matches found
CVE-2026-6720
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...
PT-2026-44417
Name of the Vulnerable Software and Affected Versions: calicoctl (affected versions not specified). Description: When the client is invoked with --log-level=info or --log-level=debug, it prints the full contents of its loaded connection-configuration struct to stderr in a single log line. This struct...
Tigera Calico Security Vulnerability
Tigera Calico is an open-source network security solution developed by the American company Tigera, designed for container, virtual machine, and host workload scenarios. Tigera Calico has a security vulnerability that arises from printing the complete connection configuration structure when calle...
EUVD-2024-29048
Malicious code in bioql PyPI...
CVE-2024-52290
LF Edge eKuiper is a lightweight Internet of Things (IoT) data analytics and stream processing engine. Prior to version 2.1.0, a user with rights to modify the service (e.g. the kuiperUser role) can inject a cross-site scripting payload into the Connection Configuration key Name (confKey) parameter. After thi...
LF Edge eKuiper Cross-Site Scripting Vulnerability
LF Edge eKuiper is open-source, lightweight edge IoT data analytics software from LF Edge. A cross-site scripting vulnerability exists in LF Edge eKuiper versions prior to 2.1.0, which stems from a cross-site scripting injection in the Connection Configuration key Name parameter...
CVE-2024-35189 Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest in the...
CVE-2024-31137
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration...
CVE-2024-31137
Summary: CVE-2024-31137 affects JetBrains TeamCity versions prior to 2024.03, where the Space connection configuration component can cause a reflected XSS. The root cause is insufficient protection of the web page structure in the Space configuration flow, allowing an attacker to inject/script vi...
Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this...
CVE-2023-33234 Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this...
Improper access control
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing...
Information Disclosure
nat.js is vulnerable to information disclosure. The vulnerability exists as it leaks options to the NATS server, including TLS private credentials, when Mutual TLS is used, where the credentials for the TLS client keys are included in the connection configuration options...
Sensitive data exposure in NATS
Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were...
AVEVA InduSoft Web Studio / InTouch Edge HMI Command 66 RCE
Binary data scadaavevaiwsitehcmd66rce.nbin...
CVE-2019-6545
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...