
25 matches found

EUVD
added 2026/05/05 9:31 a.m. · 1 view

EUVD-2026-27233

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

CVSS 4.6 · AI score 5.9 · EPSS 0.00039
Exploits: 0 · References: 2
OSV
added 2026/03/27 8:40 p.m. · 0 views

CVE-2026-33886 Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields

Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...

CVSS 6.5 · AI score 5.8 · EPSS 0.00077
Exploits: 0 · References: 3
CNNVD
added 2026/01/02 12:00 a.m. · 2 views

CasaOS security vulnerability

CasaOS is a simple, easy-to-use, and elegant open source home cloud system. A security vulnerability exists in CasaOS 0.4.15 and earlier versions, which stems from the exposure of multiple unauthenticated endpoints and could lead to the disclosure of sensitive configuration files and system...

CVSS 6.9 · AI score 6.4 · EPSS 0.00053
Exploits: 0 · References: 4
NVD
added 2025/10/29 11:16 p.m. · 2 views

CVE-2025-54548

On affected platforms, restricted users could view sensitive portions of the config database via a debug API, e.g., user password hashes...

CVSS 4.3 · EPSS 0.00039
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-7261

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00708
Exploits: 0 · References: 3
Cvelist
added 2025/09/03 5:39 p.m. · 5 views

CVE-2025-20270 Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of reques...

CVSS 4.3 · EPSS 0.00077
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:14 p.m. · 2 views

CVE-2020-15235

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched...

CVSS 7.5 · AI score 6.8 · EPSS 0.00708
Exploits: 0
CNNVD
added 2025/04/09 12:00 a.m. · 1 view

Apache Pulsar security vulnerability

Apache Pulsar is a distributed message flow platform from the American Apache Foundation for use in cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication with hi...

CVSS 6.5 · AI score 6.3 · EPSS 0.00154
Exploits: 0 · References: 3
PyPA
added 2024/11/15 9:15 a.m. · 6 views

PYSEC-2024-182

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...

CVSS 7.5 · AI score 6.8 · EPSS 0.01059
Exploits: 0 · References: 3 · Affected Software: 1
Veracode
added 2023/10/25 7:43 a.m. · 12 views

Information Disclosure

ethyca-fides is vulnerable to Information Disclosure. The vulnerability is due to roles.py, as it grants the CONFIGREAD scope to roles other than the owner, specifically the VIEWER and VIEWERANDAPPROVER roles. This allows Admin UI users with roles lower than the owner role to retrieve sensitive confi...

CVSS 6.5 · AI score 6.7 · EPSS 0.00179
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/10/14 10:15 a.m. · 0 views

PYSEC-2023-204

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a...

CVSS 4.3 · AI score 5.8 · EPSS 0.00395
Exploits: 0 · References: 2
OpenVAS
added 2022/02/08 12:00 a.m. · 18 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)

The remote host is missing an update for the...

CVSS 8.8 · AI score 7.2 · EPSS 0.00867
Exploits: 0 · References: 2
OSV
added 2021/12/20 10:28 a.m. · 6 views

OPENSUSE-SU-2021:1602-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...

CVSS 8.8 · AI score 7 · EPSS 0.00867
Exploits: 0 · References: 7
Positive Technologies
added 2021/09/08 12:00 a.m. · 2 views

PT-2021-4146 · Cisco · Cisco IOS XR

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This issue is due to...

CVSS 5.5 · AI score 5.1 · EPSS 0.00127
Exploits: 0 · References: 5
NVD
added 2020/10/05 4:15 p.m. · 11 views

CVE-2020-15235

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched...

CVSS 7.5 · EPSS 0.00708
Exploits: 0 · References: 2
OSV
added 2020/10/05 4:15 p.m. · 6 views

CVE-2020-15235

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched...

CVSS 7.5 · AI score 6.8
Exploits: 0 · References: 2
Prion
added 2020/10/05 4:15 p.m. · 11 views

Code injection

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched...

CVSS 5 · AI score 7.5 · EPSS 0.00708
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2020/10/05 3:15 p.m. · 12 views

CVE-2020-15235 Sensitive data exposure in RACTF

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched...

CVSS 5.9 · AI score 7.6 · EPSS 0.00708
Exploits: 0 · References: 2
CVE
added 2020/10/05 3:15 p.m. · 43 views

CVE-2020-15235

CVE-2020-15235 concerns RACTF where, before the commit f3dc89b, unauthenticated users could retrieve values of sensitive config keys that should be admin-only. After the commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20), versions are patched, per multiple sources (NVD/Red Hat/OSV). Connec...

CVSS 7.5 · AI score 6.6 · EPSS 0.00708
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2019/09/23 3:15 p.m. · 16 views

Directory traversal

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Scriptview page. This will result in file disclosure, i.e., being able to pull any file from the remote victim application. This can be used to steal and...

CVSS 5 · AI score 7.3 · EPSS 0.15875
Exploits: 6 · References: 2 · Affected Software: 1