CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

clusterd

This is an open-source application server attack toolkit called clusterd. It automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. The toolkit currently supports six different application server platforms, with several more in development and...

PT-2024-35118 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.16.0 through 1.28.0 Apache NiFi versions 2.0.0-M1 through 2.0.0-M4 Description: The issue concerns the optional debug logging of Parameter Context values during the flow synchronization process in Apache NiFi. An...

PT-2024-10386 · Unknown · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet Server versions are not explicitly specified in the provided descriptions, but based on the available information, the issue is identified in Fleet Server. Description: An issue was identified in Fleet Server where Fleet policies that...

Improper Authentication

Apache Pulsar Proxy is vulnerable to Improper Authentication. The vulnerability is caused due to missing authorization checks in the /proxy-stats endpoint. This can lead to unauthorized access this sensitive endpoints, allowing attackers to view detailed connection statistics and potentially...

Authentication flaw

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could...

Inclusion of Sensitive Information in Log Files

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log...

ZSQL: Server Logging Levels

The LOGLEVEL parameter specifies the levels of run logs and debug logs to be written into the server. The default value is 7, indicating that run logs in all levels are written into the server. If LOGLEVEL is set to 0, not only RUN and DEBUG logging, but also ALARM logging will be disabled. This...

Security update for java-1_7_0-openjdk (important)

This update for java-170-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 bsc1020905: Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution -...

SUSE-SU-2017:0346-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 bsc1020905 Upgrade to version jdk8u121 icedtea 3.3.0: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution...

IBM Security Identity Manager Information Disclosure Vulnerability (CNVD-2015-01982)

IBM Security Identity Manager is part of the IBM Security Systems portfolio of products that help organizations drive effective identity management and control across the enterprise, reducing the risk of identity fraud and improving regulatory compliance. An information disclosure vulnerability...