5 matches found
EUVD-2026-34270
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2023-5600
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of private specific references could be leaked through the service-des...
CVE-2024-7786
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates...
WordPress Sensei LMS plugin < 4.24.2 - Unauthenticated Email Template Leak vulnerability
Unauthenticated Email Template Leak vulnerability discovered by Sushmita Poudel in WordPress Plugin Sensei LMS versions 4.24.2...
Internet Bug Bounty: Leak of sensitive values to Airflow rendered template
I’m just getting started with Airflow, but seem to have got into a situation where sensitive values e.g. connection passwords end up in my task’s rendered template. Here’s how my DAG starts, having set up a connection called “secret” with a password specified: t1 = BashOperator...