24 matches found

ATTACKERKB
added 2026/05/28 6:35 p.m. | 8 views

CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug, sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 2 | Affected Software 1

GitHub Security Blog
added 2026/04/25 11:35 p.m. | 16 views

n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode

Impact When n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the request dispatcher and several sibling code paths before any redaction. When a tool call carries credential material — most notably...

4.3 CVSS | 5.6 AI score | 0.0025 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/04/25 11:35 p.m. | 5 views

GHSA-WG4G-395P-MQV3 n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode

Impact When n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the request dispatcher and several sibling code paths before any redaction. When a tool call carries credential material — most notably...

4.3 CVSS | 6 AI score | 0.0025 EPSS
Exploits 0 | References 5

CVE
added 2025/12/08 9:51 p.m. | 14 views

CVE-2025-64650

CVE-2025-64650 affects IBM Storage Defender - Resiliency Service for versions 2.0.0–2.0.18, with a disclosed vulnerability where sensitive user credentials could be exposed in log files. The issue is documented across multiple sources (IBM Security Bulletin and Red Hat/EU ENISA entries) and is ti...

6.5 CVSS | 6.2 AI score | 0.00228 EPSS
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-29648

Malicious code in bioql PyPI...

9.3 CVSS | 6.5 AI score | 0.0066 EPSS
Exploits 2 | References 5

CNNVD
added 2025/09/12 12:0 a.m. | 4 views

Palo Alto Networks Cortex XDR Microsoft 365 security vulnerability

Palo Alto Networks Cortex XDR Microsoft 365 is a security integration solution from Palo Alto Networks, Inc. A security vulnerability exists in Palo Alto Networks Cortex XDR Microsoft 365 that stems from the possibility that user credentials could be exposed in application logs, potentially leadi...

2.4 CVSS | 6.6 AI score | 0.00126 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-31207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 beta may cause the automation user's secret to be written t...

5.5 CVSS | 5.6 AI score | 0.00223 EPSS
Exploits 0 | References 2

Snyk
added 2025/07/15 2:26 p.m. | 6 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.cxf:cxf-core is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through local storag...

8.2 CVSS | 6.4 AI score | 0.00624 EPSS
Exploits 0 | References 3

OSV
added 2025/03/07 3:28 p.m. | 6 views

OESA-2025-1257 undertow security update

Java web server using non-blocking IO Security Fixes: undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allow...

9.8 CVSS | 6.7 AI score | 0.03478 EPSS
Exploits 0 | References 4

Positive Technologies
added 2024/09/26 12:0 a.m. | 5 views

PT-2024-13336 · Ibm · Ibm Cloud Pak For Multicloud Management

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Multicloud Management versions 2.3 through 2.3 FP8 Description: The issue concerns the storage of user credentials in log files in plain clear text, which can be accessed by a privileged user. This results in the exposure of...

4.9 CVSS | 8.9 AI score | 0.00341 EPSS
Exploits 0 | References 7

Positive Technologies
added 2024/06/11 12:0 a.m. | 6 views

PT-2024-4207 · Schneider Electric · Spacelogic As-B

Name of the Vulnerable Software and Affected Versions: Schneider Electric SpaceLogic AS-P and SpaceLogic AS-B affected versions not specified Description: The issue is related to the exposure of sensitive information, specifically SNMP credentials, through log files. This could allow a remote...

5.5 CVSS | 6.9 AI score | 0.00231 EPSS
Exploits 0 | References 6

OSV
added 2023/10/26 6:15 p.m. | 3 views

UBUNTU-CVE-2023-31417

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords...

4.4 CVSS | 7 AI score | 0.00228 EPSS
Exploits 0 | References 2

OSV
added 2023/04/27 9:30 p.m. | 12 views

GHSA-55VQ-XPJF-R2XC Lightbend Alpakka Kafka logs credentials on debug level

Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...

5.5 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 5

OSV
added 2023/04/19 12:0 p.m. | 4 views

RUSTSEC-2023-0125 Logs AWS credentials when TRACE-level logging is enabled

aws-sigv4 is a Rust library for low-level request signing in the AWS cloud platform. The aws_sigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...

5.5 CVSS | 5.8 AI score | 0.00216 EPSS
Exploits 0 | References 3

CNNVD
added 2023/04/14 12:0 a.m. | 3 views

TigerGraph security vulnerability

TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community. Enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition 3.x series versions that stems from the fact that all...

4.9 CVSS | 5.4 AI score | 0.00417 EPSS
Exploits 1 | References 3

CNNVD
added 2022/12/12 12:0 a.m. | 5 views

ARC Informatique PcVue log information disclosure vulnerability

ARC Informatique PcVue is a multifunctional HMI-SCADA software from ARC Informatique, France, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications such as industrial control, building management, energy management, smart grids, ener...

6.5 CVSS | 6.5 AI score | 0.00329 EPSS
Exploits 0 | References 4

Positive Technologies
added 2022/10/06 12:0 a.m. | 4 views

PT-2022-28196 · Etcd · Etcd

Name of the Vulnerable Software and Affected Versions: etcd affected versions not specified Description: The issue concerns data exposure due to the storage of user credentials in WAL entries on each user authentication. If the WAL log files are not secure, it can potentially expose sensitive...

6.8 AI score
Exploits 0 | References 8

CNNVD
added 2021/08/20 12:0 a.m. | 7 views

NetModule Router Software log information disclosure vulnerability

NetModule Router Software is a router for NetModule. A security vulnerability exists in NetModule Router Software due to the interface support for an optional "CLI-PHP" feature, which is essentially a PHP webshell that requires The vulnerability stems from the interface supporting an optional...

8.8 CVSS | 7.9 AI score | 0.01481 EPSS
Exploits 3 | References 4

OSV
added 2021/02/27 5:15 a.m. | 4 views

UBUNTU-CVE-2021-25284

An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level...

4.4 CVSS | 6.7 AI score | 0.00539 EPSS
Exploits 0 | References 5

RedHat Linux
added 2020/10/19 2:37 p.m. | 5 views

npm: sensitive information exposure through logs

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...

4.4 CVSS | 7.3 AI score | 0.00417 EPSS
Exploits 0 | References 4