74 matches found
CVE-2026-45581
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...
GHSA-7XGW-6QF3-7W59 dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.calltool in src/dbtmcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the call...
PT-2026-40271
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...
GHSA-7VF8-2CR6-54MF Argo vulnerable to exposure of artifact repository credentials
Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...
Argo vulnerable to exposure of artifact repository credentials
Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...
Sensitive Information Exposure
github.com/coder/coder/v2 is vulnerable to Sensitive Information Exposure. The vulnerability is due to logging of Workspace Agent manifests containing sensitive values in plaintext without sanitization, which allows an attacker with access to logs to retrieve confidential information...
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-22038
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
CVE-2026-22038
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
CVE-2026-22038
CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...
CVE-2026-22038
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
CVE-2026-24762
RustFS exposes credentials in plaintext in logs across versions alpha.13–alpha.81 due to logging sensitive credential material (access key, secret key, session token) at INFO level. This information disclosure could allow internal or external log consumers to obtain credentials and compromise Rus...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2022-31047
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys e.g. database credentials can be logged as plaintext in exception handlers, when logging the complete exception stack trace...
Coder sensitive objects logged unsanitized vulnerability (CVE-2025-66411)
The Coder versions prior to 2.26.5, 2.27.7, and 2.28.4 are therefore vulnerable to a sensitive information disclosure via plaintext logging. Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM,...
CVE-2025-66411 Coder logged sensitive objects unsanitized
Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...
CVE-2025-66411 Coder logged sensitive objects unsanitized
Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...