Lucene search
K

76 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.6 views

CVE-2024-34708

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...

4.9CVSS7AI score0.00757EPSS
Exploits1References1
Grafana
Grafana
added 2025/12/16 12:0 a.m.15 views

Information Leakage in Grafana Alerting

In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...

6.5CVSS5.8AI score0.00255EPSS
Exploits0
CVE
CVE
added 2025/10/29 3:31 p.m.13 views

CVE-2025-12148

In CVE-2025-12148, Floragunn Search Guard FLX versions 3.1.1 and earlier expose a vulnerability where Field Masking (FM) rules are not properly enforced on IP-type fields. Although the redacted _source is returned, search hits can be based on specific IP values, enabling reconstruction of the ori...

6CVSS6.4AI score0.0025EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/10/14 8:15 p.m.181 views

Exploit for CVE-2025-9196

CVE-2025-9196-PoC This repository contains security research...

5.3CVSS6.7AI score0.00937EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.36 views

EUVD-2025-25046

Malicious code in bioql PyPI...

2.6CVSS6.3AI score0.0021EPSS
Exploits0References3
Veracode
Veracode
added 2025/08/19 7:57 a.m.6 views

Sensitive Information Disclosure

OpenSearch is vulnerable to Sensitive Information Disclosure. The vulnerability is due to redacted values being retrievable through range queries and the fields option in the search API...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-8579 Malicious code in @malware-test-crime-cured-tikka-yourt/test-mlw3-crime-cured-tikka-yourt (npm)

The package @malware-test-crime-cured-tikka-yourt/test-mlw3-crime-cured-tikka-yourt was found to contain malicious code...

7.2AI score
Exploits0
CVE
CVE
added 2025/08/11 12:40 p.m.18 views

CVE-2025-8862

CVE-2025-8862 involves YugabyteDB collecting diagnostics from servers, which may include sensitive gflag configurations. The underlying issue is that this information is not properly redacted in some versions, leading to potential exposure. The connected documents consistently state the mitigatio...

7CVSS6.7AI score0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 12:40 p.m.10 views

CVE-2025-8862

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...

7CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 12:40 p.m.2 views

CVE-2025-8862

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...

7CVSS6.7AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2025/07/29 9:30 p.m.7 views

GHSA-PQHP-4XFC-HJGQ Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...

7.3CVSS5.4AI score0.0018EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/07/29 9:30 p.m.11 views

Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...

7.3CVSS5.4AI score0.0018EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2025/07/29 8:15 p.m.13 views

PYSEC-2025-101

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...

7.3CVSS5.8AI score0.0018EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/14 3:39 p.m.29 views

CVE-2024-34708

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...

4.9CVSS5.1AI score0.00757EPSS
Exploits1References2
OSV
OSV
added 2024/05/13 7:40 p.m.22 views

GHSA-P8V3-M643-4XQX Directus allows redacted data extraction on the API through "alias"

Summary A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...

4.9CVSS4.9AI score0.00757EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/05/13 7:40 p.m.47 views

Directus allows redacted data extraction on the API through "alias"

Summary A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...

4.9CVSS6.5AI score0.00757EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2024/05/13 7:33 p.m.41 views

CVE-2024-34708 Directus allows redacted data extraction on the API through "alias"

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...

4.9CVSS5.4AI score0.00757EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.4 views

PT-2024-26122 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.0 Description: A user with permission to view any collection using redacted hashed fields can access the raw stored version using the alias functionality on the API. Normally, these redacted fields return , bu...

4.9CVSS6.7AI score0.00757EPSS
Exploits1References7
OSV
OSV
added 2024/04/12 10:54 p.m.18 views

GHSA-VH2M-22XX-Q94F Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore

Impact OpenTelemetry.Instrumentation.Http writes the url.full attribute/tag on spans Activity when tracing is enabled for outgoing http requests and OpenTelemetry.Instrumentation.AspNetCore writes the url.query attribute/tag on spans Activity when tracing is enabled for incoming http requests...

4.1CVSS4.1AI score0.00291EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:20 a.m.34 views

BIT-GITLAB-2021-22184

An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted...

6.2CVSS5.2AI score0.00302EPSS
Exploits0References3
Rows per page
Query Builder