Lucene search
K

329 matches found

CNNVD
CNNVD
added 2026/04/20 12:0 a.m.8 views

Apache Kafka 安全漏洞

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...

5.3CVSS5.8AI score0.00535EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27900

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

7.7CVSS6.1AI score0.00469EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/22 1:38 p.m.3 views

CVE-2019-25605 EquityPandit 1.0 Insecure Logging Information Disclosure

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...

8.7CVSS5.8AI score0.00273EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/04 11:22 a.m.2 views

CVE-2026-3056

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References5
OSV
OSV
added 2026/02/27 2:17 a.m.3 views

GO-2026-4562 Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode

Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode...

7.7CVSS5.8AI score0.00469EPSS
Exploits0References6
OSV
OSV
added 2026/02/26 8:0 p.m.6 views

GHSA-5RC7-2JJ6-MP64 Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure

Impact The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, object storage data, and NodeBalancer TLS keys in debug logs without redaction. Important: Provider debug logging is not enabled by default. This issue is...

5CVSS5.7AI score0.00469EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/26 3:13 a.m.5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

7.7CVSS5.9AI score0.00469EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.3 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

7.7CVSS5.9AI score0.00469EPSS
Exploits0References2
NVD
NVD
added 2026/02/26 2:16 a.m.4 views

CVE-2026-27900

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

7.7CVSS0.00469EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/26 12:53 a.m.21 views

CVE-2026-27900 Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

5CVSS0.00469EPSS
Exploits0References4
CVE
CVE
added 2026/02/26 12:53 a.m.15 views

CVE-2026-27900

CVE-2026-27900 affects the Terraform Provider for Linode. Affected: versions prior to 3.9.0. Root cause: debug logs can expose sensitive data (passwords, StackScript content, object storage data) when debug/provider logging is explicitly enabled. The issue only occurs if debug logging is turned o...

7.7CVSS5.5AI score0.00469EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/26 12:53 a.m.4 views

CVE-2026-27900 Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

5CVSS5.5AI score0.00469EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

Terraform Provider for Linode 安全漏洞

Terraform Provider for Linode is an open-source plugin developed by Linode. Versions of Terraform Provider for Linode prior to version 3.9.0 contained a security vulnerability. This vulnerability stemmed from the fact that debug logs did not anonymize sensitive information, which could lead to...

7.7CVSS7.3AI score0.00469EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.8 views

PT-2026-22075

Name of the Vulnerable Software and Affected Versions Terraform Provider for Linode versions prior to 3.9.0 Description The Terraform Provider for Linode logged sensitive information, including passwords, StackScript content, and object storage data, in debug logs without redaction. This issue is...

9.9CVSS5.8AI score0.22162EPSS
Exploits68References146
Snyk
Snyk
added 2026/02/10 6:55 p.m.4 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/pkg/common to version 2.12 or higher. References ...

7.1CVSS5.5AI score0.00954EPSS
Exploits0References2
CVE
CVE
added 2026/02/09 9:29 p.m.12 views

CVE-2026-25918

The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...

5.9CVSS5.6AI score0.00132EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/04 8:40 p.m.5 views

CVE-2026-25511 Group-Office is vulnerable to SSRF and File Read in WOPI service discovery

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...

8.2CVSS5.4AI score0.00396EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/01/17 12:51 a.m.7 views

SUSE CVE-2017-18896

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...

5.3CVSS6.9AI score0.00769EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.7 views

CVE-2022-23469

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

6.5CVSS6.6AI score0.00977EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.18 views

CVE-2022-31162

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...

7.5CVSS6.2AI score0.00739EPSS
Exploits0References1
Rows per page
Query Builder