28033 matches found
Insertion of Sensitive Information into Log File
Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File through the Client handling of events. An attacker can bypass redaction controls and...
Valtimo 安全漏洞
Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions of Valtimo prior to 13.21.0 contained security vulnerabilities. These vulnerabilities stemmed from the InboxHandlingService, which recorded the full content of all incomin...
CVE-2026-32218
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...
CVE-2026-32215
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...
CVE-2026-32151
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...
CVE-2026-32081
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
CVE-2026-26152
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally...
CVE-2026-30994
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via “Contact Point Writer” role that by default grants permission to alert.notifications:write or alert.notifications.receivers:test actions. An attacker can gain unauthorized access to sensitive configuration data,...
EUVD-2026-22921
The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...
CVE-2026-20205 Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users session and authorization tokens in clear text.The vulnerability would require either local access to the log...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /debugging/config/dump endpoint if there are second level Properties objects in the configuration. An attacker can obtain sensitive configuration details, including database credentials, by sending requests ...
CVE-2026-40742 WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through = 8.2.8...
CVE-2026-40742 WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through = 8.2.8...
CVE-2026-40742
Nelio AB Testing WordPress plugin
Vulnerabilities in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...
Exploit for Missing Encryption of Sensitive Data in Apache Tomcat
CVE-2026-34486 Apache Tomcat EncryptInterceptor Bypass Vulnera...
Exploit for Missing Encryption of Sensitive Data in Apache Tomcat
No d...
EUVD-2026-22794
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interactio...
CVE-2026-30615
CVE-2026-30615 affects Windsurf 1.9544.26. The connected sources describe a prompt-injection vulnerability that occurs when Windsurf processes attacker-controlled HTML content, enabling remote command execution and manipulation of the local MCP configuration, including automatic registration of a...