CWE-522: Insufficiently Protected Credentials

130 CVEs, average CVSS 6.9 (MITRE)
Critical: 22
High: 36
Medium: 62
Low: 6
With public PoC: 16
In CISA KEV: 0

CVE-2026-35467 | HIGH | This Week

Stored API keys in CERT/CC's cveClient encrypt-storage.js are not marked as protected in browser temporary storage, enabling extraction of encryption credentials through JavaScript console access or error messages. Attackers with local access to a user's browser environment can retrieve sensitive API keys without authentication, affecting all versions before 1.1.15.

Tags: Information Disclosure
References: NVD, GitHub, VulDB
CVSS 3.1: 7.5 | EPSS: 0.0%
CVE-2026-34361 | CRITICAL | PATCH | GHSA | Act Now

Server-Side Request Forgery (SSRF) in the HAPI FHIR Validator HTTP service leaks authentication credentials for configured FHIR package registries to attacker-controlled domains. The unauthenticated `/loadIG` endpoint accepts arbitrary URLs, and flawed `startsWith()` prefix-matching logic in the credential provider causes Bearer tokens, Basic auth, and API keys to be sent to domains like `packages.fhir.org.attacker.com` when legitimate servers like `packages.fhir.org` are configured. No public exploit identified at time of analysis, but the EPSS score and the detailed proof-of-concept in the advisory indicate high weaponization potential. CVSS 9.3 (Critical) reflects scope change: stolen credentials compromise external FHIR registries and clinical data repositories beyond the vulnerable validator.

Tags: Java, SSRF
References: NVD, GitHub
CVSS 3.1: 9.3 | EPSS: 0.0%
CVE-2026-29872 | HIGH | This Week

Cross-session credential leakage in awesome-llm-apps Streamlit-based GitHub MCP Agent allows unauthenticated users to retrieve previously stored API tokens and secrets from process-wide environment variables, compromising GitHub Personal Access Tokens and LLM API keys across concurrent session boundaries. The vulnerability stems from improper session isolation in a multi-user Streamlit application that persists credentials in os.environ without clearing them between user sessions, enabling attackers to escalate privileges and access private resources without authentication.

Tags: Python, Information Disclosure, Authentication Bypass
References: NVD, GitHub
CVSS 3.1: 8.2 | EPSS: 0.0%
CVE-2026-33575 | HIGH | This Week

Credential exposure in the OpenClaw gateway pairing mechanism allows remote attackers to extract and reuse long-lived shared gateway credentials embedded in pairing setup codes. Attackers who obtain QR codes or pairing tokens from chat logs, screenshots, or system logs can recover persistent gateway credentials intended for one-time use, enabling unauthorized gateway access without authentication. EPSS data not available; no public exploit identified at time of analysis. Affects OpenClaw versions prior to 2026.3.12.

Tags: Information Disclosure
References: NVD, GitHub, VulDB
CVSS 4.0: 8.6 | EPSS: 0.0%
CVE-2025-15617 | HIGH | This Week

GitHub Actions workflow artifacts in Wazuh version 4.12.0 expose GITHUB_TOKEN credentials that unauthenticated network attackers can extract and use within a limited time window to push malicious commits or alter release tags in the project repository. The vulnerability carries a CVSS 4.0 score of 8.3 with high integrity impact and low availability impact. No public exploit identified at time of analysis, though the vulnerability is classified under authentication bypass tags by VulnCheck.

Tags: Authentication Bypass
References: NVD, GitHub, VulDB
CVSS 4.0: 8.3 | EPSS: 0.0%
CVE-2025-13478 | HIGH | This Week

OpenText Identity Manager versions up to 25.2 (v4.10.1) suffer from insecure cache handling that permits remote authenticated users to retrieve another user's session data, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this cache misconfiguration on both Windows and Linux deployments to access sensitive session information belonging to other authenticated users, compromising confidentiality of user sessions and potentially enabling lateral movement or privilege escalation attacks.

Tags: Information Disclosure, Microsoft
References: NVD
CVSS 4.0: 8.4 | EPSS: 0.2%
CVE-2026-33182 | MEDIUM | PATCH | This Month

Saloon versions prior to v4 contain a Server-Side Request Forgery (SSRF) vulnerability in the resolveEndpoint method that allows attackers to redirect authenticated requests to arbitrary hosts. When user-controlled input is passed as an endpoint parameter containing an absolute URL (e.g., https://attacker.example.com), Saloon ignores the connector's base URL and sends the request directly to the attacker-controlled destination, potentially leaking authentication headers, cookies, and tokens. This vulnerability affects the Saloon PHP HTTP client library (composer package saloonphp/saloon) and requires immediate upgrade to v4 or later to remediate.

Tags: SSRF
References: NVD, GitHub
CVSS 4.0: 6.6 | EPSS: 0.0%
CVE-2025-36440 | MEDIUM | PATCH | This Month

IBM Concert versions 1.0.0 through 2.2.0 contain a missing function-level access control vulnerability that allows local users to obtain sensitive information without authentication. An attacker with local system access can bypass authorization checks to read confidential data stored within the application. While the CVSS score of 5.1 indicates moderate severity, the lack of authentication requirements and local attack vector present a meaningful risk in multi-tenant or shared system environments.

Tags: IBM, Information Disclosure
References: NVD, VulDB
CVSS 3.1: 5.1 | EPSS: 0.0%
CVE-2025-14790 | MEDIUM | PATCH | This Month

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a credential protection vulnerability that allows authenticated attackers to extract sensitive information without requiring user interaction. An attacker with valid login credentials can exploit insufficiently protected credential storage mechanisms to obtain additional sensitive data, compromising confidentiality. A patch is available from IBM, and this vulnerability affects enterprise data integration infrastructure used by organizations managing information governance and metadata.

Tags: IBM, Information Disclosure
References: NVD, VulDB
CVSS 3.1: 6.5 | EPSS: 0.0%
CVE-2025-64998 | HIGH | This Week

Checkmk exposes its session signing secret in configurations synchronized between remote and central sites, allowing a remote site administrator to forge valid session cookies and hijack user sessions on the central monitoring instance. This vulnerability affects Checkmk versions prior to 2.4.0p23, 2.3.0p45, and all 2.2.0 releases when configuration synchronization is enabled. An attacker with administrative privileges on a remote Checkmk site can leverage this exposure to impersonate any user, including central site administrators, potentially gaining complete control over the monitoring infrastructure.

Tags: Checkmk, Information Disclosure, Authentication Bypass, Session Fixation
References: NVD, VulDB
CVSS 4.0: 7.3 | EPSS: 0.0%