8131 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012947)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012947 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show Skip SMB sessions that are being...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006990)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006990 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010879)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010879 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIG_DMA_API_DEBUG is selected, while running the...
PT-2026-34189
Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...
Oxia log information disclosure vulnerability
Oxia is a distributed metadata storage and coordination system developed by Oxia. Versions of Oxia prior to 0.16.2 had a vulnerability related to log information leakage. This vulnerability occurred when OIDC authentication failed, resulting in the complete bearer token being recorded in plain te...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011369)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011369 advisory. In the Linux kernel, the following vulnerability has been resolved: LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and...
Linux Distros Unpatched Vulnerability : CVE-2026-33558
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013156)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013156 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several...
GHSA-WF66-MPHR-4C4R Apache Kafka exposes sensitive information in its DEBUG logs
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
EUVD-2026-23849
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
Apache Kafka exposes sensitive information in its DEBUG logs
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558
CVE-2026-33558 affects Apache Kafka: the NetworkClient logs sensitive information at DEBUG level, exposing full requests/responses for certain APIs (AlterConfigsRequest, AlterUserScramCredentialsRequest, ExpireDelegationTokenRequest, IncrementalAlterConfigsRequest, RenewDelegationTokenRequest, Sa...
CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
curl: Heap-buffer-overflow in `Curl_ssl_push_certinfo_len()` — sole bounds check is `DEBUGASSERT`
Summary: `Curl_ssl_push_certinfo_len()` in lib/vtls/vtls.c uses `DEBUGASSERT(certnum < num_of_certs)` as its only bounds check before writing a heap pointer into `ci->certinfo[certnum]`. `DEBUGASSERT` is a no-op in every release/production build (lib/curl_setup.h:1084). Any mismatch between the count passed to...
Apache Kafka security vulnerability
Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...
EUVD-2026-23498
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise...
EUVD-2026-23478
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device...
CVE-2026-40461
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise...