CVE-2026-8671

CVE-2026-8671 : The connected records describe an issue in Syslink Software AG Avantra for Linux and Windows where sensitive information can be inserted into log files, resulting in a resource leak exposure. Affected scope is Avantra older than 25.3.0. The CVSS 3.1 metrics indicate an adjacent at...

CVE-2026-8671 Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

Avantra 安全漏洞

Avantra is a SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the insertion of sensitive information into log files, which could lead to resource leaks...

PT-2026-42762

Name of the Vulnerable Software and Affected Versions Avantra versions prior to 25.3.0 Description An issue in syslink software AG Avantra on Linux and Windows allows the insertion of sensitive information into log files, leading to Resource Leak Exposure, which occurs when a system fails to...

PT-2026-42409

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.1.0 through 4.4.2 Description Netatalk inserts LDAP simple-bind passwords into log output in cleartext. This allows an attacker with access to the log files to obtain LDAP credentials. Recommendations Update to version 4.4....

IBM App Connect Enterprise Information Disclosure (7272270)

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...

CVE-2026-25690

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

PT-2026-40114

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

IBM MQ 9.1 < 9.1.0.36 LTS / 9.2 < 9.2.0.42 LTS / 9.3 < 9.3.0.40 LTS / 9.3 < 9.4.5.1 CD / 9.4 < 9.4.0.21 LTS (7271936)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271936 advisory. - IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0....

Security Bulletin: IBM MQ is vulnerable to a password disclosure vulnerability (CVE-2026-2607)

Summary IBM MQ has addressed a password disclosure vulnerability CVE-2026-2607 Vulnerability Details CVEID:CVE-2026-2607 DESCRIPTION: IBM MQ stores potentially sensitive information in log files that could be read by a local user. CWE:CWE-532: Insertion of Sensitive Information into Log File CVSS...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a confidential disclosure (CVE-2026-5515)

Summary Users of WS-Security with java 17 in IBM App Connect Enterprise are vulnerable to a confidential disclosure. Vulnerability Details CVEID:CVE-2026-5515 DESCRIPTION: IBM App Connect Enterprise stores potentially sensitive information in log files that could be read by a local user. CVSS...

Cisco Prime Infrastructure Information Disclosure Vulnerability

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...

Cisco Prime Infrastructure 安全漏洞

Cisco Prime Infrastructure is an application software developed by Cisco, Inc. in the United States. It is used to simplify the management of wireless and wired networks. There is a security vulnerability in Cisco Prime Infrastructure, which stems from insufficient authorization checks in the...

CVE-2026-7824

CVE-2026-7824 – PaperCut Hive (Ricoh) : In the PaperCut Hive Ricoh embedded application, enabling the diagnostic/Deep Logging mode causes administrative credentials to be recorded in plain text in log files. An attacker with administrative access to the PaperCut Hive management portal can remotel...

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

Malicious code in renderkitcore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a66bf58bff553ec613604164eb60adcb89fcde468491b746838a6e2c18b0e3a0 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...

MAL-2026-3214 Malicious code in renderkitcore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a66bf58bff553ec613604164eb60adcb89fcde468491b746838a6e2c18b0e3a0 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...

Malicious code in funkratov-renderkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78b5f3b4a8756df49b4a5eb41647e9dd20328da005f95869f81447355e2f7880 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...

CVE-2026-33448

CVE-2026-33448 describes a format-string vulnerability in the MacOS Secure Access client logging subsystem prior to 14.50. By controlling a modified server, an attacker can cause the client to dump a small portion of memory to log files, potentially exposing secrets. Affected product: Secure Acce...

CVE-2026-41465

ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal...