4 matches found
Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars
Summary: Dgraph v25.3.2 still exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the...
FreeBSD : Mailpit -- Performance information disclosure (0b5145e9-a500-11f0-a136-10ffe07f9334)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 0b5145e9-a500-11f0-a136-10ffe07f9334 advisory. Ralph Slooten (Mailpit developer) reports: An HTTP endpoint was found which exposed expvar runtime...
Mailpit -- Performance information disclosure
Ralph Slooten (Mailpit developer) reports: An HTTP endpoint was found which exposed expvar runtime information (memory usage, goroutine counts, GC behavior, uptime and potential runtime flags) due to the Prometheus client library dependency...
Uber: Golang expvar Information Disclosure
Package expvar provides a standardized interface to public variables, such as stack trace information and operation counters in servers...