
30 matches found

IBM Security Bulletins
added 2026/06/15 10:17 p.m., 5 views

Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)

Summary: There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-34483 DESCRIPTION: Improper Encoding or Escaping...

CVSS 7.5, AI score 6.8, EPSS 0.00469
Exploits: 0, Affected Software: 1
Snyk
added 2026/06/01 9:16 a.m., 6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the str.lstrip function used for validating JWT tokens against Dag IDs. An attacker can gain unauthorized access to other Dags' log data by crafting JWT tokens that exploit character overlap in Dag names. Note...

CVSS 3.1, AI score 5.8, EPSS 0.00344
Exploits: 0, References: 3
CVE
added 2026/05/27 12:58 p.m., 32 views

CVE-2026-5515

CVE-2026-5515 affects IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0. The vulnerability arises because the product stores potentially sensitive information in log files that could be read by a local user, enabling confidential disclosure. Affected versions and remediation are documented by ...

CVSS 5.5, AI score 5.8, EPSS 0.001
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/05/05 12:0 a.m., 12 views

PT-2026-37309

Name of the Vulnerable Software and Affected Versions: YetAnotherForum.NET (YAF.NET) versions prior to 4.0.5; YetAnotherForum.NET (YAF.NET) versions prior to 3.2.12. Description: Stored Cross-Site Scripting (XSS) occurs when attacker-controlled input is persisted and later rendered without proper...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 6
CNNVD
added 2026/04/08 12:0 a.m., 4 views

IBM Tivoli Netcool Impact log information disclosure vulnerability

IBM Tivoli Netcool Impact is a suite of network management software from International Business Machines (IBM). The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. IBM Tivoli Netcool Impac...

CVSS 8.4, AI score 5.8, EPSS 0.00116
Exploits: 0, References: 1
EUVD
added 2026/03/27 3:30 p.m., 3 views

EUVD-2024-55508

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...

CVSS 7.3, AI score 5.9, EPSS 0.00109
Exploits: 0, References: 3
CVE
added 2026/03/25 9:26 p.m., 9 views

CVE-2025-36187

CVE-2025-36187 is linked to IBM Knowledge Catalog Standard Cartridge. The IBM bulletin describes a vulnerability where the product stores potentially sensitive information in log files that could be read by a local privileged user (CWE-532: Insertion of Sensitive Information into Log File). Aff...

CVSS 4.4, AI score 6, EPSS 0.00153
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2026/03/03 8:16 p.m., 4 views

CVE-2026-1265

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive information in a log file...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 1
CNNVD
added 2026/01/29 12:0 a.m., 4 views

Brother Industries Brother MFPs security vulnerabilities

Brother Industries Brother MFPs is a multi-functional printer from the Japanese company Brother Industries. There are security vulnerabilities associated with Brother Industries Brother MFPs, which stem from hidden functions that may allow attackers to access sensitive information in the logs...

CVSS 6.9, AI score 6, EPSS 0.00241
Exploits: 0, References: 3
Cvelist
added 2025/10/31 11:1 a.m., 7 views

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...

EPSS 0.0039
Exploits: 0, References: 1
CNNVD
added 2025/10/31 12:0 a.m., 4 views

SonicWall SMA100 Series security vulnerability

SonicWall SMA100 Series is a security gateway appliance from SonicWall, Inc. A security vulnerability exists in the SonicWall SMA100 Series that stems from the potential exposure of sensitive information in log files, which could result in a remote authenticated administrator viewing some user...

CVSS 4.5, AI score 4.7, EPSS 0.0039
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-4284

Malware in sbrugna...

CVSS 2.1, AI score 8, EPSS 0.00354
Exploits: 0, References: 9
CNNVD
added 2025/08/12 12:0 a.m., 4 views

Intel Local Manageability Service log information disclosure vulnerability

Intel Local Manageability Service is a management engine from Intel Corporation USA designed to help IT administrators manage computers and devices in an organization over a local network or remote connection. A log information disclosure vulnerability exists in Intel Local Manageability Service...

CVSS 4.8, AI score 5.9, EPSS 0.00133
Exploits: 0, References: 2
NVD
added 2025/07/01 3:15 p.m., 21 views

CVE-2025-34064

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...

CVSS 9, EPSS 0.00446
Exploits: 0, References: 3
NCSC
added 2025/06/20 11:4 a.m., 3 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...

CVSS 9.1, AI score 7, EPSS 0.0047
Exploits: 0, References: 1
CNNVD
added 2025/02/20 12:0 a.m., 4 views

IBM OpenPages with Watson security vulnerability

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines (IBM). The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

CVSS 6.5, AI score 6.4, EPSS 0.00253
Exploits: 0, References: 1
AstraLinux
added 2025/02/11 7:35 a.m., 4 views

Astra Linux – Vulnerability in Zabbix

Setting the SMS media allows for setting the GSM modem file. This file is later used as a Linux device. But since everything is a file for Linux, it’s possible to set another file, such as a log file. In this case, Zabbix server will attempt to communicate with it as a modem. As a result, the log...

CVSS 2.7, AI score 5.3, EPSS 0.00575
Exploits: 0, References: 3
CNNVD
added 2025/01/21 12:0 a.m., 5 views

IBM UrbanCode Deploy log information disclosure vulnerability

IBM UrbanCode Deploy (IBM UCD) is a suite of application automation deployment tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the automation of complex applicatio...

CVSS 6.2, AI score 5.6, EPSS 0.00201
Exploits: 0, References: 2
RedHat Linux
added 2024/07/31 1:21 p.m., 1 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6, AI score 7.1, EPSS 0.00355
Exploits: 0, References: 4
CNNVD
added 2023/11/15 12:0 a.m., 3 views

Elastic Logstash Log Information Disclosure Vulnerability

Elastic Logstash is a suite of log analysis and monitoring tools from Dutch company Elastic. A security vulnerability exists in Elastic Logstash versions prior to 8.11.1, which stems from the fact that sensitive information can be recorded in Logstash logs under certain circumstances...

CVSS 8.4, AI score 6.4, EPSS 0.00338
Exploits: 0, References: 5