Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/06/23 7:53 p.m.35 views

CVE-2026-11820 Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS0.00287EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:16 p.m.3 views

CVE-2026-40945

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7CVSS5.8AI score0.00308EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-17758

Malware in sbrugna...

7.8CVSS7.5AI score0.00486EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12581

Malicious code in bioql PyPI...

3.3CVSS6.6AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/14 11:18 p.m.4 views

CVE-2025-53885 Directus doesn't redact sensitive user data when logging via event hooks

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template...

4.2CVSS7.6AI score0.0017EPSS
Exploits0References4
Hacker One
Hacker One
added 2025/03/04 5:14 p.m.1323 views

AWS VDP: Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The Forecast service in Amazon Web Services AWS has four non-production API endpoints that can be accessed using standard IAM credentials, but do not log any activity to CloudTrail. This allows for silent permission enumeration, where an adversary can test the capabilities of compromised...

7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2025/02/12 12:2 p.m.2 views

Security update for podman

This update for podman fixes the following issues: CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227052 CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

6.9CVSS7AI score0.91969EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.6 views

SUSE CVE-2017-1000401

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

2.2CVSS4.3AI score0.00399EPSS
Exploits0References3
OSV
OSV
added 2022/12/16 11:15 p.m.3 views

CVE-2022-38756

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies...

4.3CVSS5.7AI score0.00844EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2022/07/15 5:41 p.m.3 views

CVE-2022-2394

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise...

4.1CVSS5.9AI score0.00449EPSS
Exploits0References2Affected Software1
Gentoo Linux
Gentoo Linux
added 2004/10/25 12:0 a.m.25 views

socat: Format string vulnerability

Background socat is a multipurpose bidirectional relay, similar to netcat. Description socat contains a syslog based format string vulnerablility in the 'msg' function of 'error.c'. Exploitation of this bug is only possible when socat is run with the '-ly' option, causing it to log messages to...

5CVSS1.1AI score0.07293EPSS
Exploits1
Rows per page
Query Builder