17 matches found
GHSA-XCCP-97WP-3GJG Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials, for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
Linux Distros Unpatched Vulnerability : CVE-2026-34487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer...
CVE-2025-15480
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...
EUVD-2025-206663
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 11.5.5 to 11.5.10: Security issues fixed: CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fixed parsing HTML documents version...
SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2025:4121-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4121-1 advisory. - update to 1.11.3: - CVE-2025-58058: Fixed memory leaks in xz. bsc1248960 - CVE-2025-11065: Fixed sensitive...
Security update for alloy
This update for alloy fixes the following issues: update to 1.11.3: CVE-2025-58058: Fixed memory leaks in xz. bsc1248960 CVE-2025-11065: Fixed sensitive Information leak in logs. bsc1250621 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Medium: nerdctl
Issue Overview: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Affected Packages: nerdctl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extra...
CVE-2025-12910
Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. Chromium security severity: Low...
PT-2025-5591 · Unknown +1 · Kube-Audit-Rest +1
Name of the Vulnerable Software and Affected Versions: kube-audit-rest versions prior to 1.0.16 Description: The issue concerns a simple logger of mutation/creation requests to the k8s API, where the previous values of Kubernetes secrets would have been disclosed in the audit messages if the...
CVE-2023-21435
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log...
CVE-2022-33698
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log...
CVE-2022-33687
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log...
Samsung SMR Security Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1, which stems from information leakage in the Widevine TA logs, allowing an attacker to exploit t...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
DEBIAN-CVE-2019-3885
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs...
Loctouch for Android vulnerable in handling of implicit intents
Overview: Loctouch for Android contains a vulnerability in the handling of implicit intents. Loctouch, provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...