Search Vulnerabilities

Windows Recovery Environment Security Feature Bypass Vulnerability

Global vanishing does not completely remove user email

Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS

Improper Removal of Sensitive Information Before Storage or Transfer in GitLab

Improper Removal of Sensitive Information Before Storage or Transfer in GitLab

tfplan2md has Sensitive Value Exposure in Generated Reports

Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback

Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint

CBORDecoder reuse can leak shareable values across decode calls

URI Credential Leakage Bypass over CVE-2025-27221

Unintended temporary cached data included in a structure only copy intended to be empty of data

Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule

Grype has a credential disclosure vulnerability in Grype JSON output

Zoom Clients - Improper Removal of Sensitive Information

Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log

Improper removal of sensitive information before storage or transfer in AMD Crash Defender could allow an attacker to obtain kernel address informa...

XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

Contao discloses information in the news module

Directus doesn't redact tokens in Flow logs