227 matches found
CVE-2026-15574
A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...
CVE-2026-44934
SUSE Rancher AI Agent 1.0 before 1.0.2 contains an information disclosure when DEBUG loglevel is enabled, leaking API keys and LLM response text into logfiles. The issue affects local users with HIGH privileges and local attack vector; confidentiality and subsequent confidentiality are HIGH, whil...
GHSA-3M4Q-GGCJ-J6M4 Calico Inserts Sensitive Information into Log File
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...
CVE-2026-6720
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...
CVE-2026-45046
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
gryph 安全漏洞
Gryph is an AI-based coding proxy activity auditing and debugging tool developed by SafeDep. Versions of Gryph prior to 0.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the default log level being set to standard rather than minimum. As a result, sensitive file write...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fixed an issue where invalid address access occurred when enabling the SCAN log level. The variable i is changed when setting a random MAC address, causing invalid address access when printing the value of...
fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...
PT-2026-41961
Name of the Vulnerable Software and Affected Versions fabric-chaincode-java versions 2.3.1 through 2.5.9 Description When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker...
Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview,...
PT-2026-39902
Name of the Vulnerable Software and Affected Versions Gryph versions prior to 0.7.0 Description Gryph implements logging levels to control content stored in a local sqlite database. The default log level is set to standard, although documentation incorrectly states it is minimal. At both standard...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013675)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013675 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011044)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011044 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed...
CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007428)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007428 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed...
CVE-2026-34164
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
CVE-2026-34164
CVE-2026-34164 concerns Valtimo, where the InboxHandlingService logged the full content of incoming inbox messages at INFO level across versions 13.0.0–13.21.0. This exposed sensitive data (PII, BSN, case details) to anyone with log access or admin UI users. The issue was fixed in 13.22.0: the lo...
GHSA-HFRG-MCVW-8MCH Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService
Summary The InboxHandlingService logs the full content of every incoming inbox message at INFO level logger.info"Received message: ", message. Inbox messages are wrappers around outbox message data, which can contain highly sensitive information such as personal data PII, citizen identifiers BSN,...
CVE-2026-40091
A flaw was found in SpiceDB. When SpiceDB starts with log level info, the startup configuration log will expose the full datastore Data Source Name DSN, including the plaintext password. This vulnerability allows an attacker with access to these logs to obtain sensitive database credentials,...
PT-2026-33366
Name of the Vulnerable Software and Affected Versions Valtimo versions 13.0.0 through 13.21.0 Description The InboxHandlingService function handle in the inbox module logs the full content of every incoming inbox message at the INFO level. These messages may contain sensitive information, such as...