CVE-2025-52490
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
CVE-2025-49015
The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly e…
CVE-2024-56178
An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.