Lucene search
K

64 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.10 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS0.00152EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 7:53 p.m.7 views

EUVD-2026-38603

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:53 p.m.5 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score0.00152EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in several Ansible modules, where parameters containing credentials, such as “secrets,” were logged in plain text on managed nodes, and were also made visible on the controller node when run in verbose mode. These parameters were not protected by the “nolog” feature. An...

5.5CVSS6.8AI score0.00333EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35867

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.5AI score0.00109EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.5AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

VMware Spring Cloud Config 日志信息泄露漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a vulnerability related to log information leakage...

4.4CVSS5.8AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 7:16 a.m.10 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 1:13 p.m.28 views

CVE-2026-1337 Insufficient escaping of unicode characters in query log

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...

2CVSS0.00207EPSS
Exploits2References1
EUVD
EUVD
added 2026/02/06 1:13 p.m.6 views

EUVD-2026-5683

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...

2CVSS5.2AI score0.00207EPSS
Exploits2References1
AlpineLinux
AlpineLinux
added 2026/02/06 1:13 p.m.3 views

CVE-2026-1337

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...

5.4CVSS5.5AI score0.00207EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6724

Name of the Vulnerable Software and Affected Versions Neo4j versions prior to 2026.01 Description A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting XSS if logs are opened in a tool that interprets them as HTML. The issue is present in bo...

5.4CVSS5AI score0.00207EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

rustfs 日志信息泄露漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS from alpha.13 to alpha.81 have a vulnerability related to log information leakage. This vulnerability stems from storing sensitive credentials as plain-text records in application logs, which can lead to...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2026-22798

hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...

5.9CVSS6.9AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.8 views

CVE-2020-7306

Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention DLP for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text...

5.2CVSS7.1AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 6:37 p.m.7 views

CVE-2025-67745 Myhoard logs backup encryption key in plain text

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

7.1CVSS6.3AI score0.00141EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-15763

Malware in sbrugna...

9.8CVSS9.5AI score0.01292EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-24395

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00252EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-24398

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00438EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-24420

Malicious code in bioql PyPI...

4.7CVSS6.5AI score0.00255EPSS
Exploits1References4
Rows per page
Query Builder