CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

EUVD-2025-208370

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates...

CVE-2025-70048

An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2...

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Microsoft ACI Confidential Containers is a Microsoft credentials container. A security vulnerability exists in Microsoft ACI Confidential Containers that stems from an improper design and can be exploited by an attacker to obtain sensitive information...

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

Microsoft Payment Orchestrator Service Access Control Error Vulnerability

Microsoft Payment Orchestrator Service is a Microsoft feature that provides cloud-native payment process automation and orchestration for the financial services industry. An Access Control Error vulnerability exists in Microsoft Payment Orchestrator Service, which stems from improper authenticati...

LessPass 安全漏洞

LessPass is an open-source password manager developed by LessPass. Version 9.6.9 of LessPass contains a security vulnerability that stems from the storage of sensitive information in plaintext, which could allow attackers to obtain this sensitive data...

JiMeng Web MCP Server 安全漏洞

JiMeng Web MCP Server is a large model context server developed by LupinLin1. Version 2.1.2 of JiMeng Web MCP Server contains a security vulnerability. This vulnerability stems from the insertion of sensitive information into log files, which may allow attackers to obtain sensitive data...

CVE-2025-70048

Nexusoft NexusInterface v3.2.0-beta.2 is described as affected by CWE-319: Cleartext Transmission of Sensitive Information. The Connected documents reiterate this issue but do not provide technical details, root cause, impact specifics, exploit information, or remediation steps.

Chamilo copy_course_session_selected.php file SQL injection vulnerability

Chamilo is a learning management system open source by Chamilo. Chamilo copycoursesessionselected.php file contains a SQL injection vulnerability that can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data...

CVE-2025-70040

CVE-2025-70040 affects the npm package jimeng-web-mcp (v2.1.2) from LupinLin1. The issue is described as CWE-532: Insertion of Sensitive Information into Log File, allowing an attacker to obtain sensitive information via poorly sanitized log output. Connected sources confirm the affected componen...

IBM InfoSphere Information Server Log Information Disclosure Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A log information disclosure vulnerability exists in IBM InfoSphere Information Server that...

CVE-2025-70050

CVE-2025-70050 affects lesspass v9.6.9 and is described as CWE-312: Cleartext Storage of Sensitive Information. The provided documents indicate that the vulnerability allows attackers to obtain sensitive information, with a CVSS‑3.1 base score of 6.5 (Network attack, Low attack complexity, No pri...

PT-2026-24079

Name of the Vulnerable Software and Affected Versions LupinLin1 jimeng-web-mcp version 2.1.2 Description An issue exists where sensitive information is inserted into log files. This can allow an attacker to obtain sensitive information. Recommendations At the moment, there is no information about...

CVE-2025-70050

An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information...

PT-2026-24086

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code...

Nexus Wallet Interface 安全漏洞

Nexus Wallet Interface is an open-source cryptocurrency wallet interface developed by Nexus. Version 3.2.0-beta.2 of Nexus Wallet Interface contains a security vulnerability, which stems from the transmission of sensitive information in plain text...

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

CVE-2026-2671 Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...