270 matches found
LiteLLM has SQL Injection in Proxy API key verification
Impact: A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example, POST /chat/completions) a...
CVE-2026-32982
OpenClaw prior to 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens. When media downloads fail, original Telegram file URLs (containing bot tokens) can be embedded in MediaFetchError strings and leaked to logs and error su...
CVE-2026-32982 OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs
OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...
CVE-2026-34056
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...
OpenEMR Security Vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. OpenEMR versions 8.0.0.3 and earlier contain security...
CVE-2026-34056 OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...
PT-2026-28158
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...
OliveTin's email argument makes compliance harder, enables log injection
Summary: The typeSafetyCheckEmail function in service/internal/executor/arguments.go calls log.Errorf on every invocation, including when validation succeeds (err == nil). This means every email address submitted by any user is written to the application's ERROR-level log unconditionally. Because the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005778)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005778 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances. When a tracing instance is removed, the error...
Elastic APM Server 8.x < 8.16.1 Information Disclosure (ESA-2024-41)
The version of Elastic APM Server installed on the remote host is 8.x prior to 8.16.1. It is, therefore, affected by an information disclosure vulnerability: - APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the...
CVE-2026-27003
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces, for example when request URLs include https://api.telegram.org/bot/.... Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...
CVE-2026-1727
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
EUVD-2026-5560
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
CVE-2026-1622
A flaw was found in Neo4j. The obfuscate_literals option in the query logs fails to extend redaction to error messages. When a query triggers an error, unredacted data, potentially containing sensitive literals, are exposed in the logs. This issue allows an attacker with access to the local log...
CVE-2026-1727 Information Disclosure via Bucket Squatting in Google Cloud Agentspace.
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
CVE-2026-1727
The CVE-2026-1727 entry describes an information disclosure in the Agentspace service arising from the use of predictable Google Cloud Storage bucket names for error logs and temporary data staging during GCS imports and Cloud SQL interactions. This predictability enabled bucket squatting, where ...