CVE-2026-45192

CVE-2026-45192 concerns Apache Airflow where a bug in GET /api/v2/connections/{connection_id} allowed an authenticated UI/API user with Connection-read permission to access secrets stored in a Connection's extra JSON blob that are not included in the redaction allowlist (DEFAULT_SENSITIVE_FIELDS)...

GHSA-5JJF-WCVF-923W Langflow has an Information Leak through Incomplete API Key Redaction

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVE-2026-32609

CVE-2026-32609 (Glances) : The issue prime in Glances is incomplete redaction of secrets on API endpoints. The GHSA-gh4x fix redacted credentials on /api/v4/config via as_dict_secure(), but endpoints /api/v4/args and /api/v4/args/{item} still exposed the full command-line namespace (vars(self.arg...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture...

CVE-2025-6711 Incomplete Redaction of Sensitive Information in MongoDB Server Logs

An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0...

MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs

[email protected] reports: An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered...

PT-2024-31051 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.1 macOS versions prior to 14.7.1 Description: The issue allows an app to potentially read sensitive location information due to inadequate redaction of sensitive information. Recommendations: For macOS versions...

PT-2024-31083 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.1 macOS versions prior to 14.7.1 Description: The issue allows an app to access sensitive user data due to inadequate redaction of sensitive information. Recommendations: For macOS versions prior to 13.7.1, update...