13 matches found
CVE-2026-23782
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...
CVE-2026-22038
CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...
CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
CVE-2021-28290
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter...
EUVD-2021-14979
Malware in sbrugna...
CVE-2024-54137
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treat...
CVE-2024-47803
CVE-2024-47803 affects Jenkins core: Jenkins 2.478 and earlier, and LTS 2.462.2 and earlier, where multi-line secrets entered via the secretTextarea form field are not redacted in error messages. This can leak secrets through logs or error responses. The issue is mitigated by upgrading to Jenkins...
CVE-2023-28897
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...
CVE-2022-27598 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)...
CVE-2021-28290
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter...
IdentityServer4.Admin Cross-Site Scripting Vulnerability
IdentityServer4.Admin is an administration for IdentityServer4 and Asp.Net Core Identity by Jan Škoruba, a Czech individual developer. A security vulnerability exists in IdentityServer4.Admin versions prior to 2.0.0, which can be exploited by an attacker to conduct cross-site scripting (XSS) attack...
Design/Logic Flaw
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is...