97 matches found

RedhatCVE
added 2026/06/01 10:3 p.m. | 11 views

CVE-2026-10099

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1 CVSS | 5.8 AI score | 0.00125 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/29 4:16 p.m. | 11 views

CVE-2026-10099

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1 CVSS | 0.00125 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/29 3:58 p.m. | 10 views

CVE-2026-10099 XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1 CVSS | 5.8 AI score | 0.00125 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/03/16 11:11 a.m. | 23 views

CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6 CVSS | 0.0018 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/16 11:11 a.m. | 22 views

CVE-2026-2476

Mattermost Plugins

7.6 CVSS | 5.8 AI score | 0.0018 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/03/16 12:0 a.m. | 5 views

Mattermost Plugins Security Vulnerability

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 2.0.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem fro...

7.6 CVSS | 6.4 AI score | 0.0018 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/24 10:9 a.m. | 4 views

CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

5.4 AI score | 0.00363 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/07 9:49 a.m. | 7 views

CVE-2022-27949

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5 CVSS | 6.7 AI score | 0.0168 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/01/01 6:36 a.m. | 5 views

Information Exposure

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Information Exposure due to improper masking of raw request headers in the precall method of litellm/litellmcoreutils/litellmlogging.py. An attacker can obtain exposed API...

6 CVSS | 6.7 AI score
Exploits: 0 | References: 3

CNVD
added 2025/12/25 12:0 a.m. | 7 views

Apache Fineract Information Disclosure Vulnerability (CNVD-2026-00006)

Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from an...

9.1 CVSS | 6.2 AI score | 0.00366 EPSS
Exploits: 0 | References: 1

Veracode
added 2025/12/23 11:38 a.m. | 8 views

Sensitive Information Disclosure

Jenkins is vulnerable to Sensitive Information Disclosure. The vulnerability is due to build authorization tokens not being masked in the job configuration form, which allows an attacker who can view the configuration page to observe and capture these tokens...

4.3 CVSS | 6.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/12/10 6:30 p.m. | 4 views

GHSA-HXJG-2JVF-H3RX Jenkins's build authorization token is stored and displayed in plain text

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3 CVSS | 5.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/10 2:32 a.m. | 3 views

CVE-2025-42904

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

6.5 CVSS | 6 AI score | 0.00279 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/12/10 12:0 a.m. | 4 views

Jenkins Security Vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from an unmasked bui...

4.3 CVSS | 6.3 AI score | 0.00134 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-201845

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

6.5 CVSS | 5.5 AI score | 0.00279 EPSS
Exploits: 0 | References: 3

CVE
added 2025/12/09 2:15 a.m. | 8 views

CVE-2025-42904

The CVE-2025-42904 entry describes an Information Disclosure vulnerability in SAP Application Server ABAP: an authenticated attacker could read unmasked values displayed in ABAP Lists, leading to high confidentiality impact with no listed impact on integrity or availability. Practically, this con...

6.5 CVSS | 5.6 AI score | 0.00279 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/12/09 2:15 a.m. | 28 views

CVE-2025-42904 Information Disclosure vulnerability in Application Server ABAP

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

6.5 CVSS | 0.00279 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-49772

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

6.5 CVSS | 6 AI score | 0.00279 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/10/29 12:0 a.m. | 4 views

Jenkins ByteGuard Build Actions Plugin Security Vulnerability

Jenkins ByteGuard Build Actions Plugin is an open source pipeline validation plugin for Jenkins. A security vulnerability exists in version 1.0 of the Jenkins ByteGuard Build Actions Plugin, which stems from an unmasked API token on a job configuration form, which could lead to an attacker...

4.3 CVSS | 6.4 AI score | 0.00144 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-42832

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.0056 EPSS
Exploits: 0 | References: 2