Lucene search

8605 matches found

Positive Technologies
added 2026/02/11 12:0 a.m., 5 views

PT-2026-7777

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 26.3. Description: A logging issue existed due to insufficient data redaction. This allowed a malicious application to potentially read sensitive location information. Recommendations: Update to macOS version 26.3...

5.4 AI score, 0.00122 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/02/11 12:0 a.m., 7 views

PT-2026-7757

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7.4; macOS versions prior to Tahoe 26.3. Description: A logging issue allowed an application to potentially access sensitive user data due to insufficient data redaction. Recommendations: Update to macOS Sequoia...

5.5 CVSS, 5.4 AI score, 0.00131 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2026/02/11 12:0 a.m., 7 views

PT-2026-7791

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 26.3; iPadOS versions prior to 26.3; iOS versions prior to 18.7.5; iPadOS versions prior to 18.7.5. Description: An application may be capable of listing the applications installed on a user's device. The issue was addressed b...

5.4 AI score, 0.00117 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/02/11 12:0 a.m., 6 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from logging issues, potentially allowing applications to access sensitive user data. The following versions are affected: macOS...

5.5 CVSS, 5.8 AI score, 0.00131 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/02/11 12:0 a.m., 6 views

PT-2026-7780

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 26.3; iOS versions prior to 26.3; iPadOS versions prior to 26.3; tvOS versions prior to 26.3; macOS versions prior to Tahoe 26.3. Description: A logging issue allowed potential viewing of sensitive user information due to...

7.5 CVSS, 5.3 AI score, 0.00228 EPSS
Exploits: 0, References: 9

Positive Technologies
added 2026/02/11 12:0 a.m., 5 views

PT-2026-27537

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.7; iPadOS versions prior to 18.7.7; macOS Sequoia versions prior to 15.7.5; macOS Sonoma versions prior to 14.8.5; macOS Tahoe versions prior to 26.3; visionOS versions prior to 26.3; iOS versions 26.3; iPadOS versions 26.3...

5.5 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits: 0, References: 10

OSSF Malicious Packages
added 2026/02/10 7:22 p.m., 7 views

Malicious code in amplify-python-logging (PyPI)

Source: kam193 2e12fee1c4154d81de6e4575af21aa6a760da4f5694746264a2de50e2c5782fe. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/02/10 7:22 p.m., 5 views

MAL-2026-842 Malicious code in amplify-python-logging (PyPI)

Source: kam193 2e12fee1c4154d81de6e4575af21aa6a760da4f5694746264a2de50e2c5782fe. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1

GitHub Security Blog
added 2026/02/10 12:30 p.m., 5 views

Keycloak logs sensitive headers

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits: 0, References: 8, Affected Software: 1

OSV
added 2026/02/10 12:30 p.m., 4 views

GHSA-GV3V-2CPP-3PMQ Keycloak logs sensitive headers

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits: 0, References: 8

NVD
added 2026/02/10 11:16 a.m., 8 views

CVE-2025-11537

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5 CVSS, 0.00141 EPSS
Exploits: 0, References: 2

CVE
added 2026/02/10 10:53 a.m., 12 views

CVE-2025-11537

In CVE-2025-11537, a flaw in Keycloak causes sensitive headers (Authorization and Cookie) to be logged when the logging format uses verbose templates (e.g., the predefined 'long' pattern). An attacker with read access to log files can extract credentials (bearer tokens, session cookies) and imper...

5 CVSS, 5.5 AI score, 0.00141 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/10 10:53 a.m., 4 views

CVE-2025-11537

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5 CVSS, 5.4 AI score, 0.00141 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/02/10 10:53 a.m., 22 views

CVE-2025-11537 Keycloak-server: sensitive headers shown in the http access logs

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5 CVSS, 0.00141 EPSS
Exploits: 0, References: 2

GitHub Security Blog
added 2026/02/10 12:25 a.m., 7 views

unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...

5.9 CVSS, 5.6 AI score, 0.00132 EPSS
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2026/02/10 12:0 a.m., 6 views

PT-2026-7261

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified. Description: A flaw exists in Keycloak where sensitive headers, including Authorization and Cookie, are disclosed in cleartext within log files when a verbose, user-supplied logging format—such as the...

5 CVSS, 5.4 AI score, 0.00141 EPSS
Exploits: 0, References: 10

CNNVD
added 2026/02/10 12:0 a.m., 4 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability. This vulnerability arises when the log format is configured to include details for users, causing sensitive headers to be disclosed in plain text within the logs. This...

5 CVSS, 5.7 AI score, 0.00141 EPSS
Exploits: 0, References: 2

NVD
added 2026/02/09 10:16 p.m., 15 views

CVE-2026-25813

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...

8.7 CVSS, 0.00256 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/02/09 10:16 p.m., 6 views

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

5.9 CVSS, 5.9 AI score, 0.00132 EPSS
Exploits: 0, References: 4

NVD
added 2026/02/09 8:15 p.m., 4 views

CVE-2026-25598

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffi...

6.3 CVSS, 0.00313 EPSS
Exploits: 0, References: 2