Threats Tagged 'cwe-402'
View all threats tagged with 'cwe-402'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-402'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2025-67745: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') in Aiven-Open myhoardCVE-2025-67745 0 MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null. Join the discussion | CVE Database V5 | 12/18/2025, 18:37:50 UTC Added: 12/18/2025, 18:56:30 UTC |
CVE-2025-66422: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak') in Tryton trytondCVE-2025-66422 0 Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. Join the discussion | CVE Database V5 | 11/30/2025, 00:00:00 UTC Added: 11/30/2025, 02:53:25 UTC |
CVE-2025-49618: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak') in Plesk ObsidianCVE-2025-49618 0 In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint. Join the discussion | CVE Database V5 | 07/03/2025, 00:00:00 UTC Added: 07/03/2025, 12:39:32 UTC |
CVE-2025-52925: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak') in OneLogin Active Directory ConnectorCVE-2025-52925 0 In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. Join the discussion | CVE Database V5 | 07/02/2025, 00:00:00 UTC Added: 07/02/2025, 03:39:43 UTC |
CVE-2025-48383: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') in codingjoe django-select2CVE-2025-48383 0 Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1. Join the discussion | CVE Database V5 | 05/27/2025, 15:03:10 UTC Added: 05/27/2025, 15:13:35 UTC |
Showing 1 to 5 of 5 results