BIT-NATS-2026-33247 NATS credentials are exposed in monitoring port via command-line argv

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...

CVE-2025-7381

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changin...

apollo-portal has potential unauthorized access issue

Impact A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. Patches The issue was addressed with an input parameter check in...

Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing

It is possible to read a '.DSStore' file on the remote web server. This file is created by MacOS X Finder; it is used to remember the icons position on the desktop, among other things, and contains the list of files and directories present in the remote directory. Note that deleted files may stil...