Lucene search
32 matches found

IBM Security Bulletins
added yesterday · 4 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Container Storage Interface (CSI) are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher

Summary: The following vulnerabilities, which can affect IBM Storage Scale Container Storage Interface (CSI) (CVE-2026-9167) are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 or higher and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher. Vulnerability Details...

5.9 AI score
Exploits: 0 · Affected Software: 1

The Hacker News
added 2026/06/12 6:17 p.m. · 26 views

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...

6.7 CVSS · 5.8 AI score · 0.03772 EPSS
Exploits: 1

Tenable Nessus
added 2026/05/13 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: Don't log keys in SMB3 signing and encryption key generation. When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey and generate_smb3encryptionkey...

8.1 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits: 0 · References: 2

UbuntuCve
added 2026/05/08 3:16 p.m. · 7 views

CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation. When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey and generate_smb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

8.1 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits: 0 · References: 8

OSV
added 2026/02/03 4:6 p.m. · 1 views

CVE-2026-24762 RustFS Logs Sensitive Credentials in Plaintext

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...

6.9 CVSS · 5.7 AI score · 0.00245 EPSS
Exploits: 0 · References: 3

CNNVD
added 2025/11/11 12:0 a.m. · 2 views

NETGEAR WAX610 and NETGEAR WAX610Y Security Vulnerability

The NETGEAR WAX610 and NETGEAR WAX610Y are both wireless access points from NETGEAR. A security vulnerability exists in the NETGEAR WAX610 and NETGEAR WAX610Y versions prior to 10.8.11.4, which stems from login credentials being incorrectly logged to the logs, potentially leading to credential...

5.5 CVSS · 6.7 AI score · 0.00237 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-10671

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.01687 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-6301

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.01163 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-26745

Malware in sbrugna...

4.9 CVSS · 5.3 AI score · 0.00542 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-17149

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.02407 EPSS
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-8567

Malware in sbrugna...

4 CVSS · 6.4 AI score · 0.01218 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-0876

Malware in sbrugna...

5.9 CVSS · 5.6 AI score · 0.00229 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-16694

Malicious code in bioql PyPI...

8.5 CVSS · 6.6 AI score · 0.00164 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-25284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. (CVE-2021-25284) Note tha...

4.4 CVSS · 6.7 AI score · 0.00539 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/09 11:21 p.m. · 16 views

CVE-2025-0936

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...

6.5 CVSS · 7.2 AI score · 0.00231 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/05/07 12:0 a.m. · 7 views

PT-2025-20313 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS (affected versions not specified). Description: On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server...

6.5 CVSS · 6.4 AI score · 0.00231 EPSS
Exploits: 0 · References: 7

Cvelist
added 2025/02/12 4:20 p.m. · 13 views

CVE-2025-25184 Possible Log Injection in Rack::CommonLogger

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

7.1 CVSS · 0.01095 EPSS
Exploits: 1 · References: 2

Cvelist
added 2025/01/17 11:44 p.m. · 9 views

CVE-2024-11923 Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (formerly named Helpsystems One) prior to version 1.3...

5.5 CVSS · 0.00201 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/12/09 12:0 a.m. · 4 views

PcVue Security Vulnerability

PcVue is a reliable, secure, and powerful operational software platform from PcVue, Inc. dedicated to monitoring and controlling applications in markets such as building and campus management. A security vulnerability exists in PcVue that stems from user credentials (login and password) being...

1.8 CVSS · 6.7 AI score · 0.00134 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/06/05 12:0 a.m. · 3 views

PT-2024-15915 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: C•CURE 9000 Web Server (affected versions not specified); Microsoft Internet Information Server (IIS) (affected versions not specified). Description: Under certain circumstances, the Microsoft Internet Information Server (IIS) used to host the C•CURE...

8.5 CVSS · 6.9 AI score · 0.00164 EPSS
Exploits: 0 · References: 7