24 matches found
CVE-2026-45040
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug, sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...
n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode
Impact: When n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the request dispatcher and several sibling code paths before any redaction. When a tool call carries credential material — most notably...
GHSA-WG4G-395P-MQV3 n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode
Impact: When n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the request dispatcher and several sibling code paths before any redaction. When a tool call carries credential material — most notably...
CVE-2025-64650
CVE-2025-64650 affects IBM Storage Defender - Resiliency Service for versions 2.0.0–2.0.18, with a disclosed vulnerability where sensitive user credentials could be exposed in log files. The issue is documented across multiple sources (IBM Security Bulletin and Red Hat/EU ENISA entries) and is ti...
EUVD-2025-29648
Malicious code in bioql PyPI...
Palo Alto Networks Cortex XDR Microsoft 365 Security Vulnerability
Palo Alto Networks Cortex XDR Microsoft 365 is a security integration solution from Palo Alto Networks, Inc. A security vulnerability exists in Palo Alto Networks Cortex XDR Microsoft 365 that stems from the possibility that user credentials could be exposed in application logs, potentially leadi...
Linux Distros Unpatched Vulnerability : CVE-2023-31207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Transmission of credentials within query parameters in Checkmk = 2.1.0p26, = 2.0.0p35, and = 2.2.0b6 beta may cause the automation user's secret to be written t...
Allocation of Resources Without Limits or Throttling
Overview: org.apache.cxf:cxf-core is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through local storag...
OESA-2025-1257 undertow security update
Java web server using non-blocking IO. Security Fixes: undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allow...
PT-2024-13336 · Ibm · Ibm Cloud Pak For Multicloud Management
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Multicloud Management versions 2.3 through 2.3 FP8. Description: The issue concerns the storage of user credentials in log files in plain clear text, which can be accessed by a privileged user. This results in the exposure of...
PT-2024-4207 · Schneider Electric · Spacelogic As-B
Name of the Vulnerable Software and Affected Versions: Schneider Electric SpaceLogic AS-P and SpaceLogic AS-B, affected versions not specified. Description: The issue is related to the exposure of sensitive information, specifically SNMP credentials, through log files. This could allow a remote...
UBUNTU-CVE-2023-31417
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords...
GHSA-55VQ-XPJF-R2XC Lightbend Alpakka Kafka logs credentials on debug level
Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...
RUSTSEC-2023-0125 Logs AWS credentials when TRACE-level logging is enabled
aws-sigv4 is a Rust library for low-level request signing in the AWS cloud platform. The aws_sigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...
TigerGraph Security Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition 3.x series versions that stems from the fact that all...
ARC Informatique PcVue Log Information Disclosure Vulnerability
ARC Informatique PcVue is a multifunctional HMI-SCADA software from ARC Informatique, France, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications such as industrial control, building management, energy management, smart grids, ener...
PT-2022-28196 · Etcd · Etcd
Name of the Vulnerable Software and Affected Versions: etcd, affected versions not specified. Description: The issue concerns data exposure due to the storage of user credentials in WAL entries on each user authentication. If the WAL log files are not secure, it can potentially expose sensitive...
NetModule Router Software Log Information Disclosure Vulnerability
NetModule Router Software is a router for NetModule. A security vulnerability exists in NetModule Router Software due to the interface support for an optional "CLI-PHP" feature, which is essentially a PHP webshell that requires The vulnerability stems from the interface supporting an optional...
UBUNTU-CVE-2021-25284
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level...
npm: sensitive information exposure through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...