329 matches found
Apache Kafka 安全漏洞
Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...
SUSE CVE-2026-27900
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
CVE-2019-25605 EquityPandit 1.0 Insecure Logging Information Disclosure
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2026-3056
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
GO-2026-4562 Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode...
GHSA-5RC7-2JJ6-MP64 Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure
Impact The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, object storage data, and NodeBalancer TLS keys in debug logs without redaction. Important: Provider debug logging is not enabled by default. This issue is...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...
CVE-2026-27900
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
CVE-2026-27900 Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
CVE-2026-27900
CVE-2026-27900 affects the Terraform Provider for Linode. Affected: versions prior to 3.9.0. Root cause: debug logs can expose sensitive data (passwords, StackScript content, object storage data) when debug/provider logging is explicitly enabled. The issue only occurs if debug logging is turned o...
CVE-2026-27900 Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
Terraform Provider for Linode 安全漏洞
Terraform Provider for Linode is an open-source plugin developed by Linode. Versions of Terraform Provider for Linode prior to version 3.9.0 contained a security vulnerability. This vulnerability stemmed from the fact that debug logs did not anonymize sensitive information, which could lead to...
PT-2026-22075
Name of the Vulnerable Software and Affected Versions Terraform Provider for Linode versions prior to 3.9.0 Description The Terraform Provider for Linode logged sensitive information, including passwords, StackScript content, and object storage data, in debug logs without redaction. This issue is...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/pkg/common to version 2.12 or higher. References ...
CVE-2026-25918
The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...
CVE-2026-25511 Group-Office is vulnerable to SSRF and File Read in WOPI service discovery
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...
SUSE CVE-2017-18896
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...
CVE-2022-23469
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
CVE-2022-31162
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...