18 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-8494

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.6, EPSS 0.00082
Exploits: 0, References: 2

Vulnrichment
added 2025/08/09 2:2 a.m., 4 views

CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

CVSS 7.1, AI score 7, EPSS 0.00181
Exploits: 0, References: 3

Veracode
added 2025/06/11 2:17 a.m., 5 views

Credential Leakage

Requests is vulnerable to credential leakage. The vulnerability is due to a URL parsing issue that may expose .netrc credentials to third parties for specially crafted URLs, allowing attackers to exfiltrate sensitive authentication data...

CVSS 5.3, AI score 7.2, EPSS 0.00208
Exploits: 1, References: 12, Affected Software: 2

RedhatCVE
added 2025/03/29 5:21 a.m., 15 views

CVE-2025-0273

HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user...

CVSS 5.5, AI score 6.8, EPSS 0.00102
Exploits: 0, References: 3

OSV
added 2025/03/15 7:42 a.m., 123 views

BIT-GITLAB-2024-12380 Generation of Error Message Containing Sensitive Information in GitLab

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication...

CVSS 7.5, AI score 4.8, EPSS 0.00049
Exploits: 0, References: 3

RedHat Linux
added 2024/11/12 9:14 a.m., 3 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6, AI score 7.1, EPSS 0.00045
Exploits: 0, References: 4

Veracode
added 2024/10/17 9:42 a.m., 2 views

Credentials Exposure

github.com/argoproj/argo-cd is vulnerable to Credentials Exposure. The vulnerability is due to the inappropriate handling and logging of sensitive authentication information within pod logs when connected to a Helm OCI repository with authentication enabled, allows individuals with access to the...

AI score 6.9
Exploits: 0

RedHat Linux
added 2024/08/22 12:20 p.m., 1 view

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6, AI score 7.1, EPSS 0.00045
Exploits: 0, References: 4

NVD
added 2024/04/25 6:15 p.m., 10 views

CVE-2024-2905

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2, AI score 6.3, EPSS 0.00019
Exploits: 0, References: 8

CVE
added 2024/04/25 5:44 p.m., 108 views

CVE-2024-2905

CVE-2024-2905 affects rpm-ostree where default builds expose a world-readable /etc/shadow. Multiple Nessus advisories (RHEL 9, AlmaLinux 9, Oracle Linux 9, MiracleLinux, Fedora) reference the issue and indicate patches/backports to a fixed rpm-ostree release (e.g., versions >= 2024.4-3 or rela...

CVSS 6.2, AI score 6.5, EPSS 0.00019
Exploits: 0, References: 8

Pen Test Partners Blog
added 2023/09/14 5:11 a.m., 10 views

PCI v4 is coming. Are you ready?

If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...

AI score 7
Exploits: 0

Veracode
added 2022/10/17 11:15 a.m., 39 views

Information Disclosure

grafana is vulnerable to information disclosure. The vulnerability is due to the proxy endpoints leaking sensitive authentication tokens to some destination plugins which allows an attacker to gain access to HTTP header information...

CVSS 7.5, AI score 7.5, EPSS 0.00897
Exploits: 0, References: 7, Affected Software: 2

Cvelist
added 2022/09/06 5:54 p.m., 13 views

CVE-2022-31790

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

AI score 7.8, EPSS 0.00623
Exploits: 1, References: 3

Tenable Nessus
added 2021/05/18 12:0 a.m., 34 views

Debian DLA-2664-1 : curl security update

Viktor Szakats reported that libcurl, an URL transfer library, does not strip off user credentials from the URL when automatically populating the Referer HTTP request header field in outgoing HTTP requests. Sensitive authentication data may leak to the server that is the target of the second HTTP...

CVSS 5.3, AI score 6.5, EPSS 0.00115
Exploits: 1, References: 4

CNVD
added 2021/03/25 12:0 a.m., 13 views

Cisco Jabber Information Disclosure Vulnerability (CNVD-2021-22911)

Cisco Jabber is a web conferencing and instant messaging application that allows users to send messages over the Extensible Messaging and Status Protocol XMPP. Cisco Jabber has an information disclosure vulnerability that can be exploited by an attacker by sending a crafted XMPP message to the...

CVSS 9.9, AI score 6.3, EPSS 0.00327
Exploits: 0, References: 1

OSV
added 2020/10/29 9:15 a.m., 2 views

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...

CVSS 3.7, AI score 6.5
Exploits: 0, References: 2

Cvelist
added 2014/02/06 2:0 a.m., 23 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

AI score 8.6, EPSS 0.0061
Exploits: 1, References: 33

exploitpack
added 2003/08/19 12:0 a.m., 12 views

DeskSoft CheckMail 1.2 - Password Disclosure

DeskSoft CheckMail 1.2 - Password Disclosure source: https://www.securityfocus.com/bid/8449/info It has been reported that a password disclosure issue exists in CheckMail allowing a local user to access sensitive authentication information through the Windows Registry. The software stores user...

AI score 7.4
Exploits: 0