8295 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013156)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013156 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several...
GHSA-WF66-MPHR-4C4R Apache Kafka exposes sensitive information in its DEBUG logs
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
EUVD-2026-23849
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
Apache Kafka exposes sensitive information in its DEBUG logs
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558
CVE-2026-33558 affects Apache Kafka: the NetworkClient logs sensitive information at DEBUG level, exposing full requests/responses for certain APIs (AlterConfigsRequest, AlterUserScramCredentialsRequest, ExpireDelegationTokenRequest, IncrementalAlterConfigsRequest, RenewDelegationTokenRequest, Sa...
CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
curl: Heap-buffer-overflow in `Curl_ssl_push_certinfo_len()` — sole bounds check is `DEBUGASSERT`
Summary Curlsslpushcertinfolen in lib/vtls/vtls.c uses DEBUGASSERTcertnum numofcerts as its only bounds check before writing a heap pointer into ci-certinfocertnum. DEBUGASSERT is a no-op in every release/production build lib/curlsetup.h:1084. Any mismatch between the count passed to...
Apache Kafka 安全漏洞
Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...
EUVD-2026-23498
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
EUVD-2026-23478
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...
CVE-2026-40461
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
CVE-2026-32648
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...
CVE-2026-31927
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...
CVE-2026-40461 Anviz Products Missing Authentication for Critical Function
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
CVE-2026-40461 Anviz Products Missing Authentication for Critical Function
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
CVE-2026-40461
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
CVE-2026-40461
CVE-2026-40461 affects Anviz CX2 Lite and CX7. The flaw allows unauthenticated POST requests to modify debug settings (e.g., enabling SSH), causing unauthorized state changes that can facilitate later compromise. According to the provided documents, affected components are the devices’ debug/admi...
CVE-2026-32648
Affected products: Anviz CX2 Lite and CX7. The CVE-2026-32648 vulnerability allows unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), aiding reconnaissance against the device. The available sources (NVD/NVD-based entries and ENISA EUVD) confirm the issue bu...