109 matches found
CVE-2026-45046
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
CVE-2026-45046
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
GHSA-WG5X-3G47-V38R fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...
libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the logging process. An attacker can access sensitive information by obtaining the local sqlite database, which may contain file content that should have been...
Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...
CVE-2026-34164 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...
OneUptime: Password Reset Token Logged at INFO Level
Summary The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log aggregation, Docker logs, Kubernetes pod logs can intercept reset tokens and perfo...
CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...
EUVD-2019-2977
Malware in sbrugna...
EUVD-2020-0498
Malware in sbrugna...
EUVD-2009-3860
Malware in sbrugna...
EUVD-2024-41687
Malicious code in bioql PyPI...
EUVD-2024-41653
Malicious code in bioql PyPI...
EUVD-2024-0895
Malicious code in bioql PyPI...
EUVD-2023-54492
Malicious code in bioql PyPI...