Apache Airflow 日志信息泄露漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 6.5.3, there was a vulnerability...

About the security content of iPadOS 17.7.11

About the security content of iPadOS 17.7.11 This document describes the security content of iPadOS 17.7.11. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

About the security content of iOS 15.8.8 and iPadOS 15.8.8

About the security content of iOS 15.8.8 and iPadOS 15.8.8 This document describes the security content of iOS 15.8.8 and iPadOS 15.8.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

PT-2026-39786

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

PT-2026-39578

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-elasticsearch versions prior to 6.5.3 Description The Elasticsearch logging provider writes the full host URL into task logs when configured with a host URL that embeds credentials. This allows any user with task-log...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017771 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Logging. Supported versions that are affected are 8.0.21 and prior. Difficult to exploit...

IoTGateway 跨站脚本漏洞

IoTGateway is a cross-platform industrial IoT gateway developed by Sam’s individual developer. It supports device connectivity and bidirectional data communication. Version 3.0.1 of IoTGateway contains a cross-site scripting vulnerability. This vulnerability stems from the logging function, which...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to logging issues, which may allow malicious applications to bypass the...

About the security content of iOS 16.7.16 and iPadOS 16.7.16

About the security content of iOS 16.7.16 and iPadOS 16.7.16 This document describes the security content of iOS 16.7.16 and iPadOS 16.7.16. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

EUVD-2026-28995

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

GHSA-C4RQ-3M3G-8WGX vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, kube-logging-operator, ruby3.4-rails, ruby4.0-rails...

CVE-2026-41495 n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

EUVD-2026-28592

Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information...

CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

UBUNTU-CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...