Apache OpenMeetings REST login endpoint exposes credentials through HTTP GET query parameters, enabling credential harvesting via browser history, server logs, referrer headers, and intermediate proxies. Affects versions 3.1.3 through 8.x. CVSS 7.5 HIGH reflects unauthenticated network-accessible information disclosure with no user interaction required. No public exploit identified at time of analysis, low observed exploitation activity (EPSS 0.02%).
Immich prior to version 2.6.0 discloses shared album passwords in cleartext within URL query parameters during authentication to /api/shared-links/me, exposing credentials to browser history, proxy logs, server logs, and HTTP referrer headers. An unauthenticated attacker with access to these logs or referrer data can obtain album passwords and compromise shared album access, affecting all installations using shared albums with password protection before the patch.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an information disclosure vulnerability where sensitive data is exposed through HTTP GET query strings, allowing attackers with low privileges and network access to obtain confidential information via man-in-the-middle techniques. The CVSS score of 3.1 reflects low severity due to high attack complexity and limited privileges required, though the vulnerability has a patch available from IBM and represents a classic cleartext credential exposure risk in enterprise data integration platforms.
PinchTab versions 0.7.8 through 0.8.3 accept API authentication tokens via URL query parameters (?token=...) in addition to the Authorization header, creating an unsafe credential transport pattern that exposes tokens through intermediary logs, browser history, shell history, and clipboard history. While this is not a direct authentication bypass (an attacker must obtain the token from a secondary source), the vulnerability is compounded by first-party dashboard setup flows that generate and consume tokenized URLs, increasing practical exposure likelihood. The issue was resolved in version 0.8.4 by removing query-string token authentication entirely and enforcing header-based authentication.
Gainsight Assist contains an information disclosure vulnerability where user email addresses (PII) are exposed in base64-encoded format within the OAuth callback URL's state parameter. This affects all versions of Gainsight Assist and allows unauthenticated remote attackers to extract sensitive personal information with no user interaction required. The vulnerability has a CVSS score of 5.3 (moderate) with confirmed disclosure via Rapid7, and patch availability has been documented in vendor advisories.
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in...
Aspera Orchestrator versions up to 4.1.2 contain a vulnerability that allows information disclosure to attackers if unauthorized parties have access to the URLs via serve (CVSS 5.9).
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR. [CVSS 7.5 HIGH]
Gogs versions prior to 0.14.2 expose authentication tokens in URL parameters, allowing credentials to be captured through server logs, browser history, and HTTP referrer headers. This information disclosure vulnerability affects self-hosted Gogs instances and could enable attackers to gain unauthorized API access if tokens are leaked through these channels. A patch is available in version 0.14.2 and later.
An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. [CVSS 5.9 MEDIUM]