298 matches found
CVE-2024-24755 discourse-group-membership-ip-block is exposing potentially sensitive custom fields
discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom...
Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04951)
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...
CVE-2023-40437
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information...
GHSA-HJ4R-2C9C-29H3 Elastic Beats inserts sensitive information into log file
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
Google Android Information Disclosure Vulnerability (CNVD-2024-07120)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Clear Text Credentials Exposure
Nautobot Device Onboarding is vulnerable to Clear Text Credentials Exposure. The vulnerability is due to credentials being visible via the Job Results view under the Additional Data tab as arguments for Celery Task execution when creating an OnboardingTask. As a result the attacker is exposed to...
CVE-2021-22143 Elastic APM .NET Agent information disclosure
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
GHSA-P62Q-5483-H57V Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
VMware Workstation UHCI Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2023-20074
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...
SolarWinds Network Configuration Manager Security Vulnerability
SolarWinds Network Configuration Manager is an easy-to-use solution from SolarWinds USA. SolarWinds Network Configuration Manager is susceptible to a sensitive information disclosure vulnerability that allows users with administrative access to...
Apache Airflow Log Information Disclosure Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring and other characteristics. Apache Airflow has a log information leakage vulnerability, the vulnerability stem...
CVE-2022-22385
The CVE-2022-22385 issue affects IBM Security Verify Privilege On-Premises 11.5, where sensitive information can be disclosed due to data being transmitted in clear text. The vulnerability concerns the confidentiality of data in transit and is tied to IBM’s On-Premises Privilege Manager. Remediat...
CVE-2023-40384
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information...
OpenStack Barbican credential leak flaw
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
CVE-2023-1633
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
CVE-2023-1633 Insecure barbican configuration file leaking credential
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
CVE-2023-33835
CVE-2023-33835 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.4 and 10.0.5. The issue is an information-disclosure vulnerability likely tied to an error-reporting mechanism flaw, allowing a remote attacker to obtain sensitive information that could aid in further attacks. IBM...
CVE-2023-33834 IBM Security Verify Information Queue information disclosure
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014...
Authentication cookie without Secure flag
Description: Access and log in to the website. Press F12 on your keyboard or right-click on the website to open the dev tools. In the Application tab, choose Cookies; there are some sensitive cookies without the Secure flag. Proof of Concept: Link photo:...