19434 matches found
CVE-2026-50529
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...
CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...
CVE-2026-7017
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...
CVE-2026-7017
CVE-2026-7017 affects HTTP::Tiny for Perl prior to 0.095. When a 3xx redirect is followed, the implementation re-merges caller-supplied headers into the new request without verifying origin sharing. This causes Authorization, Cookie, and Proxy-Authorization headers to be resent to the redirect ta...
CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...
GO-2026-5832 Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API in github.com/nezhahq/nezha
Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API in github.com/nezhahq/nezha. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
PYSEC-2026-2008 vantage6 vulnerable to username timing attack
Impact It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks Workarounds No...
CVE-2026-14867
PcVue projects store credentials for built-in users insecurely in the User directory, affecting all versions before 17.0.0. A local attacker could retrieve these credentials, impacting confidentiality. Active Directory accounts are not affected. The provided documents do not include explicit reme...
CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in...
PT-2026-56173
Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description Credentials for built-in users are stored insecurely within the User directory of projects. This allows a local attacker to retrieve these credentials. Active Directory accounts are not affected by th...
PT-2026-56236
Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.1.21 Description A server-side request forgery SSRF issue exists in the serverRequest wrapper. This allows authenticated administrators to execute arbitrary outbound HTTP requests by providing malicious URLs to...
MAL-2026-7012 Malicious code in express-mongo-limit (npm)
The npm package express-mongo-limit masquerades as an Express/MongoDB payload sanitization middleware likely typosquatting express-mongo-sanitize but is a credential stealer, remote-code-execution backdoor, crypto clipboard hijacker, and screenshot spyware. It declares a postinstall: node index.j...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the users.getUser method in the JSON-RPC API. An attacker can retrieve sensitive credential information, such as password hashes, TOTP secrets, and session tokens, by supplying...
NPM: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
NPM: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.71...
CVE-2026-59712
Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...
CVE-2026-8926
A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...
CVE-2026-59712 Leantime - JSON-RPC API Broken Access Control via users.getUser
Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...
EUVD-2026-41942
Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...
CVE-2026-59712
According to the connected NVD records, CVE-2026-59712 affects Leantime’s JSON-RPC API via the Users::getUser method. The vulnerability arises from missing authorization checks, enabling authenticated users to call users.getUser with arbitrary user IDs and enumerate accounts. The outcome is expos...