In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This...

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive informati...

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne...

Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security seve...

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticat...

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and afte...

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets...

The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-...

Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure...