Mark Sagi-Kazar

2 exploits Active since Jun 2025
CVE-2025-11065 WRITEUP MEDIUM WRITEUP
github.com/go-viper/mapstructure/v2 - Info Disclosure
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
CVSS 5.3
CVE-2025-52893 WRITEUP MEDIUM WRITEUP
Openbao < 2.3.0 - Log Information Exposure
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.
CVSS 4.5