76 matches found
CVE-2024-34708
Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...
Information Leakage in Grafana Alerting
In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...
CVE-2025-12148
In CVE-2025-12148, Floragunn Search Guard FLX versions 3.1.1 and earlier expose a vulnerability where Field Masking (FM) rules are not properly enforced on IP-type fields. Although the redacted _source is returned, search hits can be based on specific IP values, enabling reconstruction of the ori...
Exploit for CVE-2025-9196
CVE-2025-9196-PoC This repository contains security research...
EUVD-2025-25046
Malicious code in bioql PyPI...
Sensitive Information Disclosure
OpenSearch is vulnerable to Sensitive Information Disclosure. The vulnerability is due to redacted values being retrievable through range queries and the fields option in the search API...
MAL-2025-8579 Malicious code in @malware-test-crime-cured-tikka-yourt/test-mlw3-crime-cured-tikka-yourt (npm)
The package @malware-test-crime-cured-tikka-yourt/test-mlw3-crime-cured-tikka-yourt was found to contain malicious code...
CVE-2025-8862
CVE-2025-8862 involves YugabyteDB collecting diagnostics from servers, which may include sensitive gflag configurations. The underlying issue is that this information is not properly redacted in some versions, leading to potential exposure. The connected documents consistently state the mitigatio...
CVE-2025-8862
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...
CVE-2025-8862
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...
GHSA-PQHP-4XFC-HJGQ Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...
Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...
PYSEC-2025-101
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...
CVE-2024-34708
Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...
GHSA-P8V3-M643-4XQX Directus allows redacted data extraction on the API through "alias"
Summary A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...
Directus allows redacted data extraction on the API through "alias"
Summary A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...
CVE-2024-34708 Directus allows redacted data extraction on the API through "alias"
Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...
PT-2024-26122 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.0 Description: A user with permission to view any collection using redacted hashed fields can access the raw stored version using the alias functionality on the API. Normally, these redacted fields return , bu...
GHSA-VH2M-22XX-Q94F Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Impact OpenTelemetry.Instrumentation.Http writes the url.full attribute/tag on spans Activity when tracing is enabled for outgoing http requests and OpenTelemetry.Instrumentation.AspNetCore writes the url.query attribute/tag on spans Activity when tracing is enabled for incoming http requests...
BIT-GITLAB-2021-22184
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted...