Lucene search
K

226 matches found

Cvelist
Cvelist
added 2026/04/14 11:50 p.m.19 views

CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...

6CVSS0.00166EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 10:33 p.m.6 views

SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

Impact When SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI. Patches v1.51.1 Workarounds Change the log level to warn or error...

6CVSS5.8AI score0.00166EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32969

Name of the Vulnerable Software and Affected Versions SpiceDB versions 1.49.0 through 1.51.0 Description When the system starts with the log level set to info, the startup 'configuration' log exposes the full datastore DSN, including the plaintext password, within the DatastoreConfig.URI variable...

6CVSS5.9AI score0.00166EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.2 views

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...

6.9CVSS5.8AI score0.00235EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 8:51 a.m.6 views

CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

5.8AI score0.01177EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/10 7:6 p.m.5 views

CVE-2026-0966

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

6.5CVSS6.5AI score0.00582EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/10 6:47 p.m.4 views

Buffer Underwrite (Buffer Underflow)

Overview Affected versions of this package are vulnerable to Buffer Underwrite Buffer Underflow in the sshgethexa function on invalid input. An attacker can cause a buffer underflow and potentially execute arbitrary code or crash the application by supplying specially crafted input. Workaround Th...

8.2CVSS7AI score0.00582EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/10 12:38 a.m.7 views

SUSE CVE-2022-50678

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

5.5CVSS6.5AI score0.00225EPSS
Exploits0References10
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2022-55727

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

6AI score0.00225EPSS
Exploits0References9
NVD
NVD
added 2025/12/09 4:17 p.m.6 views

CVE-2022-50678

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

0.00225EPSS
Exploits0References8
OSV
OSV
added 2025/12/09 4:17 p.m.3 views

DEBIAN-CVE-2022-50678

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

5.3AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 4:17 p.m.12 views

UBUNTU-CVE-2022-50678

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

5.9AI score0.00225EPSS
Exploits0References11
OSV
OSV
added 2025/12/09 1:29 a.m.5 views

CVE-2022-50678 wifi: brcmfmac: fix invalid address access when enabling SCAN log level

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

6.4AI score0.00225EPSS
Exploits0References11
Cvelist
Cvelist
added 2025/12/09 1:29 a.m.30 views

CVE-2022-50678 wifi: brcmfmac: fix invalid address access when enabling SCAN log level

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

0.00225EPSS
Exploits0References8
CVE
CVE
added 2025/12/09 1:29 a.m.11 views

CVE-2022-50678

CVE-2022-50678 affects the Linux kernel with the brcmfmac Wi‑Fi driver. The issue was an invalid address access when enabling SCAN log level, caused by a mis-indexed print of pi->reqs[i]->reqid after the variable i was changed while composing a random MAC address. The underlying bug was der...

6.1AI score0.00225EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2025/12/09 1:29 a.m.5 views

CVE-2022-50678

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed when setting random MAC address and causes invalid address access when printing the value of pi-reqsi-reqid. We replace reqs index...

5.3AI score0.00225EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.9 views

PT-2025-49709

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the brcmfmac module related to handling scan log levels. A change in the variable i during random MAC address setting can lead to invalid memory...

7.8CVSS7.2AI score0.00462EPSS
Exploits2References899
EUVD
EUVD
added 2025/11/24 10:9 p.m.6 views

EUVD-2025-199043

Malicious code in react-native-log-level npm...

6.6AI score
Exploits0References4
OSV
OSV
added 2025/11/24 10:9 p.m.10 views

MAL-2025-191000 Malicious code in react-native-log-level (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24d9b4b32f8ecb8d86fe3786c14e216538d2d25e1e3257627f186495dedaf9b1 The package react-native-log-level was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
Snyk
Snyk
added 2025/11/24 4:24 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Rows per page
Query Builder