CVE-2026-28675

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This...

DEBIAN-CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via setexceptionhandler, the library catches the exception and writes its message...

GHSA-3R8J-PMCH-5J2H Internal exception message exposure for login action in Sylius

Internal exception message exposure for login action Impact Exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system...

Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs

The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...