GHSA-MCH8-WF3H-6X88 Admidio writes session IDs and auto-login cookie values to application logs

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

Insertion of Sensitive Information into Log File

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the setCookie and start functions. An attacker can gain unauthorized access to...

Admidio writes session IDs and auto-login cookie values to application logs

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

PT-2026-45044

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

CLSA-2026-1779533209 NetworkManager: Fix of CVE-2024-6501

CVE-2024-6501: NULL pointer dereference of n-lldprx in nmlldpneighborparse when DEBUG logging is enabled, leading to denial-of-service on malformed LLDP packets...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crashdump: Do not log the bytes of the dm-crypt key in readkeyfromuserkeying. When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fixed an issue where the peerid of 0 was not found when the connection was disconnected. There is a failure log for this issue, located at ath11kdprxprocessmonstatus. When debugmask is not set to ATH11KDBGDATA, no l...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed NULL access in the assignchannelcontexthandler function. Currently, when the ath12kmacassignviftovdev function fails, the radio handle is accessed from the link VIF handle arvif for debugging purposes. Thi...

SUSE CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

Astra Linux - уязвимость в ansible

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

Sensitive Information Disclosure

Apache Kafka is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging of sensitive request and response data at DEBUG level in the NetworkClient component, which allows an attacker with log access to obtain sensitive information...

CVE-2026-31543

A flaw was found in the Linux kernel. When debug logging is enabled, the readkeyfromuserkeying function logs the initial 8 bytes of the key payload. This action partially exposes the dm-crypt key, leading to information disclosure...

EUVD-2026-25436

In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

Linux Distros Unpatched Vulnerability : CVE-2026-31543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload...

CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

CVE-2026-40945

Oxia (metadata store/coordination system) is affected prior to version 0.16.2. When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext, potentially exposing JWT tokens in application logs and any connected log aggregation systems if DEBUG logging is enabled in ...

EUVD-2026-24511

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...