27 matches found
CVE-2026-45793
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary: Composer leaks the full contents of tokens configured as GitHub OAuth tokens to stderr if they do not match Composer's expected format for such tokens. GitHub has introduced a new format for GitHub Actions GITHUB_TOKEN values. These tokens are validated in the same way by Composer on GitHu...
EUVD-2026-9797
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs...
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled
Summary: Hoverfly’s admin WebSocket endpoint `/api/v2/ws/logs` is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can: - Stream real-time application logs (information disclosure). - Gain insight into internal file...
CVE-2025-9821 SSRF via webhook function
Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to interact with internal...
PT-2025-27769 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0. Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access; Cross project access of Security policy bot; Advanced search ReDOS in highlight for code results; Denial of Service via banzai pipeline; Denial of service using adoc files; ReDoS in RefMatcher when matching...
Elastic Kibana Log Information Disclosure Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A log message disclosure vulnerability exists in Elastic Kibana versions 8.0.0 through 8.11.1, which...
CVE-2023-2878
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
ArgoCD Log Information Disclosure Vulnerability
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
PT-2022-6365 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.0.0.x through 9.4.0.x. Description: The issue is related to the cleartext storage of sensitive information in the S3 component, potentially leading to information disclosure. An authenticated local attacker cou...
The vulnerability of the Slack Morphism library for Scala, related to the disclosure of debugging logs in applications, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Slack Morphism library for Scala is related to the disclosure of information in application debugging logs. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2022-39848
Exposure of sensitive information in ATDistributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log...
CVE-2022-2369 YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the plugin's logs...
CVE-2022-33693
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log...
YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
The plugin does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the plugin's logs. @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv[1] headers =...
YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
The plugin does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the plugin's logs. PoC @author : 0xshdax Rafshanzani Suhada @usage : python3 script.py http://localhost import requests, sys, re, json Setup here url = sys.argv[1] headers =...
GHSA-WMVQ-Q9H8-7J4G Moodle sensitive information disclosure
A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester...
Evernote: [34.96.80.155] Server Logs Disclosure lead to Information Leakage
Summary: In this case server log is available for any in /server-status Steps To Reproduce: 1. Go to https://34.96.80.155/server-status/ and follow attack scenario's Attack Scenario's: Serg.io 1. User go to server and enter sensitive info that can be logged example : http://host/login?privatekey=...
Samsung Mobile Galaxy Watch PlugIn Log Information Disclosure Vulnerability
The Samsung Galaxy Watch3 is the 3rd generation smartwatch in the Samsung Galaxy Watch series. The Samsung Galaxy Watch3 plug-in has a security vulnerability that allows an attacker with logging privileges to exploit the vulnerability to disclose the Wi-Fi password connected to the user's...