
98 matches found

OSV
added 2026/06/09 11:17 p.m. | 4 views

UBUNTU-CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8 CVSS | 5.3 AI score | 0.00119 EPSS
Exploits 0 | References 3

OSV
added 2026/05/19 3:40 p.m. | 7 views

GHSA-WG5X-3G47-V38R fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...

5.5 CVSS | 5.8 AI score | 0.00106 EPSS
Exploits 0 | References 3

Cvelist
added 2026/05/13 12:8 a.m. | 56 views

CVE-2026-8200 Schema validation log messages may not redact user data

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

4.8 CVSS | 0.00204 EPSS
Exploits 0 | References 1

MongoDB
added 2026/05/13 12:8 a.m. | 16 views

Schema validation log messages may not redact user data

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

5.3 CVSS | 5.8 AI score | 0.00204 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/04/14 11:14 p.m. | 6 views

GHSA-PM7Q-RJJX-979P Oxia exposes bearer token in debug log messages on authentication failure

Summary: When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact: An attacker with access to application logs e.g., via a...

8.7 CVSS | 5.9 AI score | 0.00308 EPSS
Exploits 0 | References 4

VulnCheck KEV
added 2026/04/07 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2025-43517

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data...

3.3 CVSS | 5.7 AI score | 0.0017 EPSS
In wild | Exploits 0 | References 2

NVD
added 2026/03/25 1:17 a.m. | 3 views

CVE-2026-28862

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.3 CVSS | 0.00789 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/03/25 12:32 a.m. | 1 views

CVE-2026-28862

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.8 AI score | 0.00789 EPSS
Exploits 0 | References 3

Cvelist
added 2026/03/25 12:32 a.m. | 25 views

CVE-2026-28862

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

0.00789 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/03/24 12:0 a.m. | 6 views

PT-2026-27585

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.7.5; macOS versions prior to 14.8.5; macOS versions prior to 26.4. Description: An issue related to the handling of private data in log entries was identified. Specifically, an application could potentially access...

5.3 CVSS | 5.7 AI score | 0.00789 EPSS
Exploits 0 | References 6

NVD
added 2026/03/07 3:15 p.m. | 6 views

CVE-2026-29184

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

6.5 CVSS | 0.00262 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/03/07 3:3 p.m. | 4 views

CVE-2026-29184

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

2 CVSS | 5.7 AI score | 0.00262 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/03/07 3:3 p.m. | 2 views

CVE-2026-29184 @backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

2 CVSS | 5.7 AI score | 0.00262 EPSS
Exploits 0 | References 3

Cvelist
added 2026/03/07 3:3 p.m. | 31 views

CVE-2026-29184 @backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

2 CVSS | 0.00262 EPSS
Exploits 0 | References 1

CVE
added 2026/03/07 3:3 p.m. | 12 views

CVE-2026-29184

Summary: CVE-2026-29184 affects Backstage, specifically the @backstage/plugin-scaffolder-backend. Before version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism, enabling exfiltration of secrets from task event logs. The issue is addressed in version 3.1.4. What is a...

6.5 CVSS | 5.7 AI score | 0.00262 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/03/07 3:3 p.m. | 2 views

CVE-2026-29184 @backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

2 CVSS | 5.7 AI score | 0.00262 EPSS
Exploits 0 | References 1

Snyk
added 2026/03/05 12:23 a.m. | 7 views

Insertion of Sensitive Information into Log File

Overview: @backstage/plugin-scaffolder-backend is a Backstage backend plugin that helps you create new things. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the log redaction mechanism in task event logs. An attacker can access sensitiv...

2 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 2

OSV
added 2026/03/05 12:23 a.m. | 2 views

GHSA-8QP7-FHR9-FW53 @backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Impact: A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The attack requires:
- The ability to register a template in the catalog
- A victim who executes the malicious template

Patches: Patched in...

2 CVSS | 5.9 AI score | 0.00262 EPSS
Exploits 0 | References 5

GitHub Security Blog
added 2026/03/05 12:23 a.m. | 8 views

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Impact: A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The attack requires:
- The ability to register a template in the catalog
- A victim who executes the malicious template

Patches: Patched in...

6.5 CVSS | 5.9 AI score | 0.00262 EPSS
Exploits 0 | References 5 | Affected Software 1

Positive Technologies
added 2026/03/05 12:0 a.m. | 3 views

PT-2026-23439

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 3.1.4. Description: Backstage is a framework for building developer portals. A malicious scaffolder template can bypass the log redaction mechanism, potentially exposing secrets provided through task event logs. The...

2 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 6