9 matches found

OSV
added 2026/05/19 3:40 p.m. | 3 views

GHSA-WG5X-3G47-V38R fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...

CVSS 5.5 | AI score 5.8
Exploits 0 | References 2

Veracode
added 2026/03/14 5:4 a.m. | 3 views

Information Disclosure

Apache ZooKeeper is vulnerable to Information Disclosure. The vulnerability is due to improper handling of configuration values in ZKConfig, where sensitive client configuration data may be logged at INFO level in the client logfile, potentially exposing confidential information...

CVSS 7.5 | AI score 6.7 | EPSS 0.00022
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/03/13 8:5 p.m. | 1 views

GHSA-4524-CJ9J-G4FJ OneUptime: Password Reset Token Logged at INFO Level

Summary: The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perfo...

CVSS 6.9 | AI score 5.9 | EPSS 0.00039
Exploits 1 | References 4

EUVD
added 2026/02/03 4:6 p.m. | 1 views

EUVD-2026-5218

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...

CVSS 6.9 | AI score 5.3 | EPSS 0.00049
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-29403

Malicious code in bioql PyPI...

AI score 6.6
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-29522

Malicious code in bioql PyPI...

AI score 6.6
Exploits 0 | References 6

Veracode
added 2025/09/25 7:44 p.m. | 2 views

Insertion Of Sensitive Information Into Log File

github.com/edgelesssys/contrast is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to the logging configuration. An attacker can access sensitive information by exploiting the log output when the log level is set to info or debug...

AI score 6.7
Exploits 0

Positive Technologies
added 2025/09/08 12:0 a.m. | 1 views

PT-2025-36645

Contrast leaks workload secrets to logs on INFO level in github.com/edgelesssys/contrast...

AI score 6.8
Exploits 0 | References 6

OSV
added 2025/08/28 4:46 p.m. | 1 views

GHSA-VXG3-W9RV-RHR2 Contrast leaks workload secrets to logs on INFO level

This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...

CVSS 7.3 | AI score 6.8
Exploits 0 | References 6