Lucene search

14 matches found

Krebs on Security
added 2026/05/22 4:34 p.m. · 7 views

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub accoun...

5.9 AI score
Exploits 0

RedhatCVE
added 2026/05/06 8:21 p.m. · 4 views

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/02/22 7:24 a.m. · 4 views

CVE-2026-27193

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...

8.2 CVSS · 5.5 AI score · 0.00013 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/01/09 9:13 a.m. · 5 views

CVE-2022-31047

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace...

6.5 CVSS · 6.7 AI score · 0.00391 EPSS
Exploits 0 · References 1

RedHat Linux
added 2025/10/28 1:18 a.m. · 3 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

An information disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an...

10 CVSS · 5.8 AI score · 0.16244 EPSS
Exploits 1 · References 6

RedhatCVE
added 2025/10/06 6:14 a.m. · 2 views

CVE-2025-59951

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2 CVSS · 6.6 AI score · 0.00051 EPSS
Exploits 1 · References 1

CNNVD
added 2024/05/01 12:0 a.m. · 1 views

ZITADEL security vulnerability

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. A security vulnerability exists in Zitadel that stems from the fact that Zitadel discloses internal database...

5.3 CVSS · 5.4 AI score · 0.00386 EPSS
Exploits 0 · References 9

OSV
added 2023/06/07 10:15 p.m. · 1 views

CVE-2023-2904

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 is vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then...

7.3 CVSS · 7.1 AI score · 0.00121 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/06/14 12:0 a.m. · 3 views

PT-2022-20485 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.57 ELTS; TYPO3 versions prior to 8.7.47 ELTS; TYPO3 versions prior to 9.5.34 ELTS; TYPO3 versions prior to 10.4.29; TYPO3 versions prior to 11.5.11. Description: System internal credentials or keys, such as database...

6.5 CVSS · 6.2 AI score · 0.00391 EPSS
Exploits 0 · References 11

Hacker One
added 2020/06/15 10:37 a.m. · 17 views

Mail.ru: Source code and internal credentials disclosure

Sensitive application configuration data disclosed on registry.infra.mail.ru...

1.5 AI score
Exploits 0

Hacker One
added 2020/03/04 9:18 a.m. · 49 views

Lark Technologies: SSRF with information disclosure

An SSRF (server-side request forgery) vulnerability was identified in the messenger endpoint of Lark Suite which could have exposed internal credentials used by the server. We thank @jin0ne for reporting this to our team...

1.8 AI score
Exploits 0

Hacker One
added 2019/06/28 8:20 a.m. · 30 views

Informatica: Public Github Repo Leaking Internal Credentials Leading To DiscoveryIQ Docker Access

Researcher has identified and reported a public GitHub repo leaking internal information...

1.7 AI score
Exploits 0

ATTACKERKB
added 2016/12/01 11:59 a.m. · 2 views

CVE-2016-3012

IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

7.5 CVSS · 5.6 AI score · 0.00153 EPSS
Exploits 0 · References 3

seebug.org
added 2014/02/17 12:0 a.m. · 22 views

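Oupeng LDAP service allows anonymous access, large amounts of internal information leaked, etc.!

Brief description: As the title says! Details: LDAP anonymous access: 59.151.111.93:389 Proof of vulnerability: I have seen some companies whose mail systems store mailbox passwords in plaintext directly in LDAP, with the result that the mailboxes of everyone from executives to employees may all be taken over. It turns out this really is a good channel into a company's internals! There are always a few employees with weak passwords: https://mail.oupeng.com [email protected] kongcongcong [email protected] renyongy wifi: Hubei446 Beijing7 Guangdong3 Guangxi0 Xinjiang0 Fujian42 Can you see the monthly password rotation rule?...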

7.1 AI score
Exploits 0