Lucene search
K

1274 matches found

Cvelist
Cvelist
added 2026/04/18 6:22 a.m.42 views

CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

0.00421EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/18 6:22 a.m.7 views

CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

5.8AI score0.00421EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/18 6:22 a.m.5 views

EUVD-2026-23666

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

5.8AI score0.00421EPSS
Exploits0References2
CVE
CVE
added 2026/04/18 6:22 a.m.39 views

CVE-2026-32690

CVE-2026-32690 affects Apache Airflow 3.x before 3.2.0. The issue is that secrets stored in Variables as JSON dictionaries were not properly redacted; nested secret fields could be exposed when variables are retrieved. Affected patterns involve storing sensitive values in JSON form, and the root ...

3.7CVSS5.8AI score0.00421EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.12 views

PT-2026-33595

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.0 Description Secrets stored within variables as JSON dictionaries are not properly redacted. When a user retrieves these variables, secrets located in nested fields are not masked. Recommendations Upgrade ...

3.7CVSS5.8AI score0.00421EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2026/04/17 9:47 p.m.11 views

OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases

Summary config.get redaction bypass through sourceConfig and runtimeConfig aliases. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact An authenticated gateway client with config read access could receive unredacted secrets through alias fiel...

7.1CVSS5.7AI score0.00333EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/17 9:47 p.m.17 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the sourceConfig and runtimeConfig alias fields, which were not properly redacted. An attacker can obtain sensitive...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 9:47 p.m.6 views

GHSA-8372-7VHW-CM6Q OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases

Summary config.get redaction bypass through sourceConfig and runtimeConfig aliases. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact An authenticated gateway client with config read access could receive unredacted secrets through alias fiel...

7.1CVSS5.7AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.16 views

PT-2026-37014

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description A redaction bypass exists that allows authenticated gateway clients with config read access to receive unredacted secrets. This occurs through the sourceConfig and runtimeConfig alias fields,...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/16 9:0 p.m.6 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in redactval, whose secret value redaction sets maxdepth=1 and therefore does not properly extend to values in nested JSON objects. An attacker can see such nested JSON values responses...

6.3CVSS5.4AI score0.00421EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 9:33 a.m.11 views

Malicious code in @evoja-web/redaction (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b4a72b65f3b4cc6345a711aad3f9282d9ec77958341be6861f2b355ff3f976 The package @evoja-web/redaction was found to contain malicious code...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/16 9:33 a.m.7 views

MAL-2026-2712 Malicious code in @evoja-web/redaction (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b4a72b65f3b4cc6345a711aad3f9282d9ec77958341be6861f2b355ff3f976 The package @evoja-web/redaction was found to contain malicious code...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/04/16 1:20 a.m.5 views

Insertion of Sensitive Information into Log File

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File through the Client handling of events. An attacker can bypass redaction controls and...

6.3CVSS5.8AI score0.00214EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 1:20 a.m.5 views

GHSA-RR7J-V2Q5-CHGV LangSmith SDK: Streaming token events bypass output redaction

Summary The LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a newtoken event containing the raw token value. These events bypass the redaction pipeline...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 1:20 a.m.6 views

LangSmith SDK: Streaming token events bypass output redaction

Summary The LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a newtoken event containing the raw token value. These events bypass the redaction pipeline...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-34593

Name of the Vulnerable Software and Affected Versions LangSmith JavaScript SDK versions prior to 0.5.19 LangSmith Python SDK versions prior to 0.7.31 Description Output redaction controls do not apply to streaming token events. When a Large Language Model run produces streaming output, each chunk...

5.3CVSS4.7AI score0.00214EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/14 11:14 p.m.11 views

Oxia exposes bearer token in debug log messages on authentication failure

Summary When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact An attacker with access to application logs e.g., via a...

8.7CVSS5.9AI score0.00308EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/14 11:14 p.m.6 views

GHSA-PM7Q-RJJX-979P Oxia exposes bearer token in debug log messages on authentication failure

Summary When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact An attacker with access to application logs e.g., via a...

8.7CVSS5.9AI score0.00308EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/04/07 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-43517

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data...

3.3CVSS5.7AI score0.0017EPSS
In wildExploits0References2
OSV
OSV
added 2026/04/04 6:12 a.m.3 views

GHSA-MVV8-V4JJ-G47J Directus: Sensitive fields exposed in revision history

Summary Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields including user tokens, two-factor authentication secrets, external auth...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References4
Rows per page
Query Builder