
16 matches found

NVD
added 2026/05/13 4:16 p.m., 5 views

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

CVSS 5.5, EPSS 0.00005
Exploits: 0, References: 1
GitHub Security Blog
added 2026/03/13 8:5 p.m., 2 views

OneUptime: Password Reset Token Logged at INFO Level

Summary: The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perfo...

CVSS 6.9, AI score 5.9, EPSS 0.00039
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/03/13 8:5 p.m., 1 view

GHSA-4524-CJ9J-G4FJ OneUptime: Password Reset Token Logged at INFO Level

Summary: The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perfo...

CVSS 6.9, AI score 5.9, EPSS 0.00039
Exploits: 1, References: 4
NVD
added 2026/03/13 7:55 p.m., 2 views

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log...

CVSS 6.9, EPSS 0.00039
Exploits: 1, References: 1
CNNVD
added 2026/03/13 12:0 a.m., 2 views

OneUptime Log Information Disclosure Vulnerability

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.24 contained a vulnerability related to log information leakage. This vulnerability stemmed from the fact that the password reset...

CVSS 6.9, AI score 5.8, EPSS 0.00039
Exploits: 1, References: 1
CVE
added 2026/03/12 9:31 p.m., 6 views

CVE-2026-32598

The CVE concerns OneUptime. Before version 10.0.24, the password reset flow logged the full password reset URL, including the plaintext token, at INFO level by default in production. This allowed anyone with access to application logs (e.g., log aggregation, Docker logs, Kubernetes pod logs) to i...

CVSS 6.9, AI score 5.8, EPSS 0.00039
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/12 9:31 p.m., 1 view

CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log...

CVSS 6.9, AI score 5.8, EPSS 0.00039
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/12 9:31 p.m., 2 views

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log...

CVSS 6.9, AI score 5.8, EPSS 0.00039
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/03/12 9:31 p.m., 0 views

CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log...

CVSS 6.9, AI score 5.8, EPSS 0.00039
Exploits: 1, References: 3
Positive Technologies
added 2026/03/12 12:0 a.m., 1 view

PT-2026-25091

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log...

CVSS 6.9, AI score 5.8, EPSS 0.00039
Exploits: 1, References: 3
OSV
added 2025/10/28 8:53 p.m., 2 views

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVSS 3.8, AI score 6.8, EPSS 0.00015
Exploits: 0, References: 5
Vulnrichment
added 2025/10/28 8:53 p.m., 3 views

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVSS 3.8, AI score 6.4, EPSS 0.00015
Exploits: 0, References: 3
CVE
added 2025/10/28 8:53 p.m., 5 views

CVE-2025-62794

CVE-2025-62794 affects the GitHub Workflow Updater VS Code extension. Before version 0.0.7, the extension stored provided GitHub tokens in plaintext JSON in editor configuration on disk instead of using securestorage. This allowed a local attacker with read access to the user’s home directory to ...

CVSS 3.8, AI score 6.4, EPSS 0.00015
Exploits: 0, References: 3
OSV
added 2023/12/08 3:38 p.m., 0 views

GHSA-J4G3-3Q8X-JXQP dbt-core's secret env vars written to package-lock.json in plaintext

Impact: When used to pull source code from a private repository using a Personal Access Token (PAT), some versions of dbt-core write a URL with the PAT in plaintext to the package-lock.yml file. Patches: The bug has been fixed in dbt-core v1.7.3. Mitigations: Remove any git URLs with plaintext secrets...

CVSS 3.2, AI score 5.8
Exploits: 0, References: 4
ATTACKERKB
added 2022/05/09 5:15 p.m., 1 view

CVE-2022-28162

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text...

CVSS 3.3, AI score 5.9, EPSS 0.00024
Exploits: 0, References: 2
Broadcom
added 2022/05/04 12:0 a.m., 33 views

BSA-2022-1841

Security Advisory ID: BSA-2022-1841. Component: REST API. Revision: 1.0. Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Affected Products: Brocade SANnav - Fixed in Brocade SANnav 2.2.0...

CVSS 5.2, AI score 4.3, EPSS 0.00024
Exploits: 0