Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users t...

7.5CVSS5.9AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:39 p.m.4 views

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/26 9:39 p.m.20 views

CVE-2026-28377

The CVE-2026-28377 issue affects Grafana Tempo (tempo package) where the /status/config endpoint exposes the S3 SSE-C encryption key in plaintext, enabling unauthorized access to the key used for tracing data stored in S3. Affected component/file: the Tempo S3 backend (tempodb/backend/s3) as desc...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/05 9:41 p.m.4 views

CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS6.3AI score0.00305EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/05 9:41 p.m.30 views

CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS0.00305EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 9:41 p.m.30 views

CVE-2025-67732

Dify (open-source LLM app platform) prior to v1.11.0 exposes API keys in plaintext to the frontend, allowing non-administrator users to view and reuse them. This can enable unauthorized access to third‑party services and potential quota abuse. A fix is available in v1.11.0 or later.

8.4CVSS6.3AI score0.00305EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder