8671 matches found
CVE-2026-15574
The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...
CVE-2026-15574
A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...
Kibana 8.x < 8.18.9 / 8.19.x < 8.19.6 / 9.0.x < 9.0.8 / 9.1.x < 9.1.6 Information Disclosure (ESA-2026-50)
The version of Kibana installed on the remote host is 8.x prior to 8.18.9, 8.19.x prior to 8.19.6, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.6. It is, therefore, affected by an information disclosure vulnerability: - Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to...
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...
CVE-2026-31984
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...
EUVD-2026-42534
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...
CVE-2026-31984
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...
CVE-2026-15168
A flaw was found in Wireshark. The BLF Binary Logging Format file parser allows for possible information disclosure. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted BLF file, leading to the disclosure of sensitive information...
dnsmasq < 2.93 Heap-Based Buffer Overflow (CVE-2026-12725)
The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a heap-based buffer overflow vulnerability. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause...
CVE-2026-45045
Fiber (GoFiber) is affected by a vulnerability in BalancerForward where the proxy injects X-Real-IP using Header.Add() instead of Header.Set(), allowing an attacker-supplied value to be forwarded to upstreams. Affected versions before 3.3.0 and 2.52.14 are impacted; the issue is fixed in 3.3.0 an...
CVE-2026-59897
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...
CVE-2026-59897 Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...
CVE-2026-44934
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
EUVD-2026-41858
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
CVE-2026-44934
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
CVE-2026-44162 vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-XV9W-7V6Q-HPJH vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-XV9W-7V6Q-HPJH vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
CVE-2026-44162 vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...