Lucene search
K

46 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55450

Name of the Vulnerable Software and Affected Versions dragonfly versions prior to 2.4.4 Description The Dragonfly Manager fails to enforce authentication on specific API endpoints, allowing unauthenticated network-reachable attackers to retrieve sensitive OAuth client secrets. The issue occurs...

6.3CVSS6AI score
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/11 5:46 p.m.20 views

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...

5.7AI score
Exploits0
NVD
NVD
added 2026/06/02 11:16 p.m.16 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS0.00276EPSS
Exploits1References1
NVD
NVD
added 2026/05/27 6:16 p.m.14 views

CVE-2026-44460

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

7.4CVSS0.00265EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/12 3:9 p.m.12 views

sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2026/03/09 8:17 a.m.29 views

CVE-2025-41762 Secret leak with wwwdnload.cgi

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates...

6.2CVSS0.00079EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 10:55 p.m.27 views

CVE-2026-26326

CVE-2026-26326 affects the OpenClaw OpenClaw AI assistant. Before version 2026.2.14, the function skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for requires.config paths. The fix in 2026.2.14 stops including raw resolved conf...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/17 10:1 a.m.6 views

CVE-2025-14844

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcpstripecreatesetupintentforsavedcard' function due to missing capability check. Additionally, the plugin does not check a user-controlled...

8.2CVSS5.7AI score0.00419EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43431

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.0036EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43439

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00585EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-43433

Malicious code in bioql PyPI...

8.2CVSS8.2AI score0.00574EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-43434

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.0058EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43432

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00576EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-43436

Malicious code in bioql PyPI...

8.2CVSS8.2AI score0.00585EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/09 6:13 a.m.25 views

CVE-2025-25209 Rhcl: sharedsecretref can be used to leak secrets severity

The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak tho...

5.7CVSS0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:14 a.m.10 views

CVE-2024-53253

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

5.3CVSS6.8AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:48 a.m.10 views

CVE-2024-37283

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...

6.5CVSS6.9AI score0.00563EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:11 a.m.7 views

CVE-2023-39734

The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages...

8.2CVSS6.8AI score0.0058EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/31 12:0 a.m.33 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.5)

The version of AOS installed on the remote host is prior to 6.10.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.5 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic templa...

9.8CVSS7.6AI score0.62474EPSS
Exploits10References8
OSV
OSV
added 2024/08/21 2:17 p.m.36 views

GO-2023-2049 Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd...

9.9CVSS9.3AI score0.00975EPSS
Exploits1References9
Rows per page
Query Builder