
89 matches found

RedhatCVE
added 4 days ago, 7 views

CVE-2026-45554

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

CVSS 5.3, AI score 5.5, EPSS 0.00217
Exploits: 0, References: 1

RedhatCVE
added 4 days ago, 6 views

CVE-2026-6720

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2, AI score 5.6, EPSS 0.00028
Exploits: 0, References: 1

Snyk
added 2026/05/28 6:24 p.m., 5 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the stderr output when verbose logging is enabled. An attacker can obtain sensitive cluster credentials by accessing the stderr stream, which may be exposed through CI job logs,...

CVSS 8, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 2

NVD
added 2026/05/28 5:16 p.m., 9 views

CVE-2026-6720

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2, EPSS 0.00028
Exploits: 0, References: 4

CVE
added 2026/05/28 3:47 p.m., 12 views

CVE-2026-6720

Calico component calicoctl is affected. When run with --log-level=info or --log-level=debug, it prints the full contents of its loaded connection-configuration struct to stderr in a single log line, exposing credentials (inline kubeconfig with bearer token, Kubernetes API bearer token, etcd passw...

CVSS 7.2, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 4

EUVD
added 2026/05/28 3:47 p.m., 8 views

EUVD-2026-32932

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 4

Vulnrichment
added 2026/05/28 3:47 p.m., 7 views

CVE-2026-6720 Calicoctl leaks cluster credentials to stderr when verbose logging is enabled

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/28 3:47 p.m., 7 views

CVE-2026-6720

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 5

Cvelist
added 2026/05/28 3:47 p.m., 26 views

CVE-2026-6720 Calicoctl leaks cluster credentials to stderr when verbose logging is enabled

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2, EPSS 0.00028
Exploits: 0, References: 4

Positive Technologies
added 2026/05/28 12:0 a.m., 6 views

PT-2026-44417

Name of the Vulnerable Software and Affected Versions: calicoctl (affected versions not specified). Description: When the client is invoked with --log-level=info or --log-level=debug, it prints the full contents of its loaded connection-configuration struct to stderr in a single log line. This struct...

CVSS 7.2, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 6

Positive Technologies
added 2026/05/21 12:0 a.m., 9 views

PT-2026-42674

Summary: The request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permissio...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 3

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in cifs-utils

cifs-utils from version 6.14 onwards, with verbose logging, can cause an information leak when a file contains equal sign characters but is not a valid credentials file...

CVSS 5.3, AI score 6.8, EPSS 0.00854
Exploits: 0, References: 2

Github Security Blog
added 2026/04/08 12:7 a.m., 6 views

kube-router: BGP Peer Passwords Exposed in Logs at Verbose Logging Level

Summary: When kube-router is configured with per-node BGP peer passwords using the kube-router.io/peer.passwords node annotation, and verbose logging is enabled (--v=2 or higher), the raw Kubernetes node annotation map is logged verbatim — including the base64-encoded BGP MD5 passwords. Anyone with...

AI score 5.9
Exploits: 0, References: 2, Affected Software: 1

Snyk
added 2026/04/08 12:7 a.m., 4 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process when verbose logging is enabled and per-node BGP peer passwords are configured via node annotations. An attacker can obtain sensitive credential information by...

CVSS 5.6, AI score 5.4
Exploits: 0, References: 2

OSV
added 2026/02/10 12:30 p.m., 4 views

GHSA-GV3V-2CPP-3PMQ Keycloak logs sensitive headers

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

CVSS 5, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 8

Github Security Blog
added 2026/02/10 12:30 p.m., 4 views

Keycloak logs sensitive headers

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

CVSS 5, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 8, Affected Software: 1

NVD
added 2026/02/10 11:16 a.m., 5 views

CVE-2025-11537

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

CVSS 5, EPSS 0.00006
Exploits: 0, References: 2

CVE
added 2026/02/10 10:53 a.m., 11 views

CVE-2025-11537

In CVE-2025-11537, a flaw in Keycloak causes sensitive headers (Authorization and Cookie) to be logged when the logging format uses verbose templates (e.g., the predefined 'long' pattern). An attacker with read access to log files can extract credentials (bearer tokens, session cookies) and imper...

CVSS 5, AI score 5.5, EPSS 0.00006
Exploits: 0, References: 2

Cvelist
added 2026/02/10 10:53 a.m., 21 views

CVE-2025-11537 Keycloak-server: sensitive headers shown in the http access logs

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

CVSS 5, EPSS 0.00006
Exploits: 0, References: 2

Github Security Blog
added 2026/02/10 12:25 a.m., 6 views

unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...

CVSS 5.9, AI score 5.6, EPSS 0.00017
Exploits: 0, References: 5, Affected Software: 1