8606 matches found
CVE-2026-24762
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
CVE-2026-24762 RustFS Logs Sensitive Credentials in Plaintext
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
CVE-2026-24762 RustFS Logs Sensitive Credentials in Plaintext
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
EUVD-2026-5218
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
CVE-2026-24762
RustFS exposes credentials in plaintext in logs across versions alpha.13–alpha.81 due to logging sensitive credential material (access key, secret key, session token) at INFO level. This information disclosure could allow internal or external log consumers to obtain credentials and compromise Rus...
CVE-2025-61639
A flaw was found in MediaWiki. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor, allows an unauthorized individual to access sensitive data. The issue stems from how MediaWiki handles logging and recent changes, potentially leading to the disclosure...
CVE-2025-12773
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
CVE-2025-61639
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...
UBUNTU-CVE-2025-61639
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...
PT-2026-5734
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
Brocade SANnav Security Vulnerability
Brocade SANnav is a storage area network management software developed by the American company Brocade. Versions of Brocade SANnav prior to 2.4.0a contained security vulnerabilities. These vulnerabilities stemmed from improper logging in the update-reports-purge-settings.sh script, which could le...
DNN DotNetNuke Cross-Site Scripting Vulnerability
DNN DotNetNuke is a .NET platform content management system developed by DNN Corporation. Version 9.5 of DNN DotNetNuke contains a cross-site scripting vulnerability. This vulnerability arises from allowing ordinary users to upload malicious XML files containing executable scripts through the...
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via logging.FileHandler. An attacker can write empty files on the target filesystem by supplying a malicious...
GHSA-M7J5-R2P5-C39R picklescan vulnerable to arbitrary file create using logging.FileHandler
Summary: Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...
picklescan vulnerable to arbitrary file create using logging.FileHandler
Summary: Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...
SUSE CVE-2025-71183
In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging either with the rename exchange operation or regular renames in multiple non-atomic steps two inodes and at least one of them is a directory,...
SMCP: Secure Model Context Protocol
Agentic AI systems built around large language models (LLMs) are moving away from closed, single-model frameworks and toward open ecosystems that connect a variety of agents, external tools, and resources. The Model Context Protocol (MCP) has emerged as a standard to unify tool access, allowing agent...
GHSA-G9Q4-QJX4-2V7Q vulnerabilities
Vulnerabilities for packages: mc, opensearch-k8s-operator, flux-notification-controller, cosign, kine, flux-kustomize-controller, helm-operator, ingress-nginx-controller, mattermost, cilium-cli, helm-set-status, flux, bento, gitness, hubble, k8sgateway, vale, thanos-operator, scorecard, gorelease...
CVE-2025-61728 vulnerabilities
Vulnerabilities for packages: mc, opensearch-k8s-operator, flux-notification-controller, cosign, kine, flux-kustomize-controller, helm-operator, ingress-nginx-controller, mattermost, cilium-cli, helm-set-status, flux, bento, gitness, hubble, k8sgateway, vale, thanos-operator, scorecard, gorelease...
GHSA-GM9R-Q53W-2GH4 vulnerabilities
Vulnerabilities for packages: opensearch-k8s-operator, flux-notification-controller, actions-runner-controller, helm-operator, sbom-convert, cilium-cli, cloud-provider-aws, kubernetes-event-exporter, bento, ytt, terraform-docs, sops, kapp, goreleaser, crossplane-provider-aws-lambda,...