Total: 111 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-34214 | 1 Trino | 1 Trino | 2026-04-06 | N/A | 7.7 HIGH |
| Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480. | |||||
| CVE-2026-32891 | 1 Openvessl | 1 Anchorr | 2026-03-27 | N/A | 9.0 CRITICAL |
| Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any account holder to execute arbitrary JavaScript in the Anchorr admin's browser session. The injected script calls the authenticated /api/config endpoint - which returns the full application configuration in plaintext. This allows the attacker to forge a valid Anchorr session token and gain full admin access to the dashboard with no knowledge of the admin password. The same response also exposes the API keys and tokens for every integrated service, resulting in simultaneous account takeover of the Jellyfin media server (via JELLYFIN_API_KEY), the Jellyseerr request manager (via JELLYSEERR_API_KEY), and the Discord bot (via DISCORD_TOKEN). This issue has been fixed in version 1.4.2. | |||||
| CVE-2025-61643 | 1 Mediawiki | 1 Mediawiki | 2026-03-25 | N/A | 6.1 MEDIUM |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. | |||||
| CVE-2026-1732 | 1 Gitlab | 1 Gitlab | 2026-03-13 | N/A | 4.3 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances. | |||||
| CVE-2026-1182 | 1 Gitlab | 1 Gitlab | 2026-03-13 | N/A | 4.3 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue titles created in public projects under certain circumstances. | |||||
| CVE-2026-27640 | 1 Oocx | 1 Tfplan2md | 2026-03-04 | N/A | 7.5 HIGH |
| tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection. This caused reports to render values that should have been masked as "(sensitive)" instead. This issue is fixed in v1.26.1. No known workarounds are available. | |||||
| CVE-2022-2818 | 1 Agentejo | 1 Cockpit | 2026-02-25 | N/A | 9.8 CRITICAL |
| Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. | |||||
| CVE-2022-1650 | 2 Debian, Eventsource | 2 Debian Linux, Eventsource | 2026-02-24 | 5.8 MEDIUM | 8.1 HIGH |
| Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | |||||
| CVE-2022-0536 | 1 Follow-redirects Project | 1 Follow-redirects | 2026-02-24 | 4.3 MEDIUM | 2.6 LOW |
| Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8. | |||||
| CVE-2022-0355 | 1 Simple-get Project | 1 Simple-get | 2026-02-24 | 5.0 MEDIUM | 8.8 HIGH |
| Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. | |||||
| CVE-2025-14267 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.9 MEDIUM |
| Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7. | |||||
| CVE-2025-62483 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more | 2026-01-13 | N/A | 5.3 MEDIUM |
| Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access. | |||||
| CVE-2025-59955 | 1 Coollabs | 1 Coolify | 2026-01-12 | N/A | 5.7 MEDIUM |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints that allows authenticated team members to access a highly sensitive `email_change_code` from other users on the same team. This code is intended for a single-use email change verification and should be kept secret. Its exposure could enable a malicious actor to perform an unauthorized email address change on behalf of the victim. As of time of publication, no known patched versions exist. | |||||
| CVE-2025-68131 | 1 Agronholm | 1 Cbor2 | 2026-01-02 | N/A | 7.5 HIGH |
| cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries. Version 5.8.0 patches the issue. | |||||
| CVE-2025-65000 | 1 Checkmk | 1 Checkmk | 2025-12-23 | N/A | 5.3 MEDIUM |
| SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed. | |||||
| CVE-2025-64326 | 1 Weblate | 1 Weblate | 2025-12-04 | N/A | 2.6 LOW |
| Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1. | |||||
| CVE-2025-27221 | 1 Ruby-lang | 1 Uri | 2025-11-03 | N/A | 3.2 LOW |
| In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. | |||||
| CVE-2025-57757 | 1 Contao | 1 Contao | 2025-09-02 | N/A | 5.3 MEDIUM |
| Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page. | |||||
| CVE-2025-58049 | 1 Xwiki | 1 Xwiki | 2025-09-02 | N/A | 5.8 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1. | |||||
| CVE-2025-33013 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-22 | N/A | 6.2 MEDIUM |
| IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release. | |||||
