Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-42604 | | | 2025-04-23 | N/A | N/A |
This vulnerability exists in Meon KYC solutions because debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints, which return detailed error messages that disclose system-related information. | |||||
CVE-2025-2469 | | | 2025-04-11 | N/A | 3.7 LOW |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. | |||||
CVE-2025-2877 | | | 2025-04-07 | N/A | 6.5 MEDIUM |
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams. | |||||
CVE-2025-31001 | | | 2025-04-01 | N/A | 7.5 HIGH |
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1. | |||||
CVE-2025-1053 | | | 2025-02-14 | N/A | N/A |
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. | |||||
CVE-2025-20643 | 2 Google, Mediatek | 44 Android, Mt6739, Mt6761 and 41 more | 2025-02-04 | N/A | 3.9 LOW |
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056. | |||||
CVE-2024-45784 | | | 2024-11-21 | N/A | 7.5 HIGH |
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets. | |||||
CVE-2024-38516 | | | 2024-11-21 | N/A | 8.8 HIGH |
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22. | |||||
CVE-2024-27179 | | | 2024-11-21 | N/A | 4.7 MEDIUM |
Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. | |||||
CVE-2023-4215 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A | 6.5 MEDIUM |
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | |||||
CVE-2024-11217 | | | 2024-11-18 | N/A | 4.9 MEDIUM |
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options. |