Lucene search
K

227 matches found

RedhatCVE
RedhatCVE
added 15 hours ago7 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score
Exploits0References3
CVE
CVE
added 2026/07/06 8:45 a.m.16 views

CVE-2026-44934

SUSE Rancher AI Agent 1.0 before 1.0.2 contains an information disclosure when DEBUG loglevel is enabled, leaking API keys and LLM response text into logfiles. The issue affects local users with HIGH privileges and local attack vector; confidentiality and subsequent confidentiality are HIGH, whil...

7CVSS6AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 6:30 p.m.2 views

GHSA-3M4Q-GGCJ-J6M4 Calico Inserts Sensitive Information into Log File

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

7.2CVSS5.8AI score0.00224EPSS
Exploits0References9
NVD
NVD
added 2026/05/28 5:16 p.m.14 views

CVE-2026-6720

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

7.2CVSS0.00224EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 p.m.22 views

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

5.5CVSS0.00106EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

gryph 安全漏洞

Gryph is an AI-based coding proxy activity auditing and debugging tool developed by SafeDep. Versions of Gryph prior to 0.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the default log level being set to standard rather than minimum. As a result, sensitive file write...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fixed an issue where invalid address access occurred when enabling the SCAN log level. The variable i is changed when setting a random MAC address, causing invalid address access when printing the value of...

5.8AI score0.00225EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 3:40 p.m.19 views

fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41961

Name of the Vulnerable Software and Affected Versions fabric-chaincode-java versions 2.3.1 through 2.5.9 Description When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker...

5.5CVSS5.5AI score0.00106EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/11 9:20 p.m.9 views

Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview,...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.26 views

PT-2026-39902

Name of the Vulnerable Software and Affected Versions Gryph versions prior to 0.7.0 Description Gryph implements logging levels to control content stored in a local sqlite database. The default log level is set to standard, although documentation incorrectly states it is minimal. At both standard...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013675 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed...

5.5AI score0.00225EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011044)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011044 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed...

5.9AI score0.00225EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 1:20 p.m.3 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.7AI score0.00535EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007428 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix invalid address access when enabling SCAN log level The variable i is changed...

5.9AI score0.00225EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:17 p.m.7 views

CVE-2026-34164

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/04/16 9:17 p.m.11 views

CVE-2026-34164

CVE-2026-34164 concerns Valtimo, where the InboxHandlingService logged the full content of incoming inbox messages at INFO level across versions 13.0.0–13.21.0. This exposed sensitive data (PII, BSN, case details) to anyone with log access or admin UI users. The issue was fixed in 13.22.0: the lo...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References5
OSV
OSV
added 2026/04/16 8:42 p.m.5 views

GHSA-HFRG-MCVW-8MCH Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Summary The InboxHandlingService logs the full content of every incoming inbox message at INFO level logger.info"Received message: ", message. Inbox messages are wrappers around outbox message data, which can contain highly sensitive information such as personal data PII, citizen identifiers BSN,...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/16 4:32 p.m.6 views

CVE-2026-40091

A flaw was found in SpiceDB. When SpiceDB starts with log level info, the startup configuration log will expose the full datastore Data Source Name DSN, including the plaintext password. This vulnerability allows an attacker with access to these logs to obtain sensitive database credentials,...

6CVSS5.8AI score0.00166EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.4 views

PT-2026-33366

Name of the Vulnerable Software and Affected Versions Valtimo versions 13.0.0 through 13.21.0 Description The InboxHandlingService function handle in the inbox module logs the full content of every incoming inbox message at the INFO level. These messages may contain sensitive information, such as...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References9
Rows per page
Query Builder