
7 matches found

ATTACKERKB
added 2026/05/27 6:24 p.m. | 7 views

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local SQLite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVSS 5.5 | AI score 5.9 | EPSS 0.00106
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/03/13 8:5 p.m. | 4 views

GHSA-4524-CJ9J-G4FJ OneUptime: Password Reset Token Logged at INFO Level

Summary: The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perfo...

CVSS 6.9 | AI score 5.9 | EPSS 0.00235
Exploits 1 | References 4
NVD
added 2026/01/29 4:16 p.m. | 5 views

CVE-2026-0936

An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is...

CVSS 5.1 | EPSS 0.00103
Exploits 0 | References 1
ICS
added 2026/01/29 12:30 a.m. | 4 views

ABB B&R PVI

SUMMARY: ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. An attacker who successfully exploited this vulnerability could read sensitive information in the logging data of the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00103
Exploits 0 | References 10
OSV
added 2025/12/03 11:44 a.m. | 4 views

BIT-NGINX-AGENT-2023-1550 NGINX Agent vulnerability CVE-2023-1550

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...

CVSS 5.5 | AI score 6 | EPSS 0.00218
Exploits 0 | References 3
CNNVD
added 2025/03/06 12:0 a.m. | 3 views

Envoy Gateway Security Vulnerability

Envoy Gateway is an open source project that uses Envoy Proxy as a gateway for standalone or Kubernetes-based applications. A security vulnerability exists in Envoy Gateway versions prior to 1.2.7 and 1.3.1 that stems from the default Envoy Proxy access logging configuration being...

CVSS 5.3 | AI score 5.6 | EPSS 0.00264
Exploits 0 | References 3
RedHat Linux
added 2018/12/04 6:27 p.m. | 1 views

ansible: become password logged in plaintext when used with PowerShell on Windows

Execution of Ansible content on Microsoft's Windows platform with PowerShell 5 or higher may disclose sensitive execution details including 'become' passwords, Ansible module arguments, and return values via PowerShell's 'suspicious scriptblock logging' feature, which is enabled by default. The...

CVSS 4.4 | AI score 7.4 | EPSS 0.00535
Exploits 0 | References 5