21 matches found

Tenable Nessus
added 2026/05/21 12:0 a.m. · 7 views

F5 Networks BIG-IP : iControl REST vulnerability (K000158070)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158070 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return...

6.7 CVSS · 5.8 AI score · 0.00083 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/05/14 4:8 p.m. · 5 views

CVE-2026-20209 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive...

5.4 CVSS · 5.8 AI score · 0.0019 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/05/13 2:12 p.m. · 5 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7 CVSS · 5.8 AI score · 0.00083 EPSS
Exploits 0 · References 1

F5 Networks
added 2026/05/13 12:35 p.m. · 13 views

K000158070: iControl REST vulnerability CVE-2026-28758

Security Advisory Description: When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged,...

6.7 CVSS · 5.7 AI score · 0.00083 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2026/05/13 12:0 a.m. · 9 views

PT-2026-40633

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.1.3.1; F5 BIG-IP versions prior to 17.5.1.4. Description: When BIG-IP DNS is provisioned, the 'gtm add' and 'bigip add' iControl REST commands return the ssh-password parameter in cleartext within the iControl REST...

6.7 CVSS · 5.8 AI score · 0.00083 EPSS
Exploits 0 · References 3

OSV
added 2026/03/26 10:25 p.m. · 6 views

GHSA-PRH4-VHFH-24MJ Harbor: LDAP password and OIDC secret are not redacted in the audit log

Impact: Harbor writes the configuration payload to the audit log when the configuration changes; the ldapsearchpassword and oidcclientsecret will be logged in the audit log without being redacted. Patches: Harbor v2.15.0, v2.14.3, v2.13.5. Workarounds: Disable audit log configure event in Harbor Web Console: Go to...

6.9 CVSS · 5.8 AI score
Exploits 0 · References 3

Snyk
added 2026/02/24 12:16 p.m. · 5 views

Insertion of Sensitive Information Into Sent Data

Overview: apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the form of connection secrets handled by buildmetrics being logged in the audit log. A user...

6.5 CVSS · 5.9 AI score · 0.00363 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. · 3 views

MiracleLinux 7 : rh-mariadb103-mariadb (AXSA:2022-3123:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3123:01 advisory. mysql: Server: DML unspecified vulnerability CPU Apr 2021 (CVE-2021-2154); mysql: Server: DML unspecified vulnerability CPU Apr 2021 (CVE-2021-2166); mysq...

7.1 CVSS · 6.7 AI score · 0.08216 EPSS
Exploits 4 · References 10

RedhatCVE
added 2025/10/23 6:14 p.m. · 6 views

CVE-2025-22176

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view audit log items...

5.3 CVSS · 6.7 AI score · 0.00188 EPSS
Exploits 0 · References 1

AlpineLinux
added 2025/10/22 9:23 p.m. · 5 views

CVE-2025-62705

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

5.7 CVSS · 6.8 AI score · 0.00299 EPSS
Exploits 0

EUVD
added 2025/10/22 7:18 p.m. · 5 views

EUVD-2025-35626

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

5.7 CVSS · 6.2 AI score · 0.00286 EPSS
Exploits 0 · References 3

AlpineLinux
added 2025/10/22 7:18 p.m. · 5 views

CVE-2025-62513

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

7.5 CVSS · 6.8 AI score · 0.00286 EPSS
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-5170

Malware in sbrugna...

5.3 CVSS · 5.5 AI score · 0.0275 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-37649

Malicious code in bioql PyPI...

5.1 CVSS · 6.4 AI score · 0.00322 EPSS
Exploits 0 · References 1

OSV
added 2024/10/14 8:15 a.m. · 1 views

UBUNTU-CVE-2024-38862

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35, 2.1.0p48 and =2.0.0p39 EOL causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrators...

5.1 CVSS · 5.8 AI score · 0.00322 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/09/13 12:0 a.m. · 3 views

PT-2024-38780 · Xcc · Xcc

Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: The issue concerns the exposure of IPMI credentials in XCC audit log entries. This occurs when the account username length is 16 characters. Recommendations: At the moment, there is no...

4.3 CVSS · 6.9 AI score · 0.00195 EPSS
Exploits 0 · References 5

CNNVD
added 2024/04/10 12:0 a.m. · 1 views

Nozomi Networks Guardian/CMC security vulnerability

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, USA. A security vulnerability exists in Nozomi Networks Guardian/CMC versions prior to v23.4.1 that stems from an audit log of an OpenAPI request that may contain sensitive information, which could lead to...

7.5 CVSS · 6.5 AI score · 0.0057 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/25 12:0 a.m. · 4 views

PT-2022-24920 · Unknown · Dependency-Track

Name of the Vulnerable Software and Affected Versions: Dependency-Track versions prior to 4.6.0 Description: The issue allows actors with access to the audit log to exploit a flaw and gain access to valid API keys. This occurs when an API request is made using a valid API key with insufficient...

4.4 CVSS · 4.6 AI score · 0.00197 EPSS
Exploits 0 · References 5

OSV
added 2019/11/26 6:15 p.m. · 4 views

CVE-2019-16388

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and th...

4.3 CVSS · 5.8 AI score · 0.00715 EPSS
Exploits 1 · References 1

RedHat Linux
added 2015/04/16 4:2 p.m. · 4 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

2.1 CVSS · 5.7 AI score · 0.00347 EPSS
Exploits 0 · References 4