315 matches found

EUVD
added 2026/01/16 10:23 a.m., 5 views

EUVD-2026-2912

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such...

CVSS 7.5, AI score 6.5, EPSS 0.01979
Exploits 0, References 4

ATTACKERKB
added 2026/01/16 10:23 a.m., 4 views

CVE-2025-68675

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

CVSS 7.5, AI score 5.7, EPSS 0.01979
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/01/16 10:23 a.m., 5 views

CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

AI score 5.7, EPSS 0.01979
Exploits 0, References 2

CNNVD
added 2026/01/16 12:0 a.m., 4 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.1.6, there were security...

CVSS 7.5, AI score 6, EPSS 0.01979
Exploits 0, References 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.232.b09-0.el7 (AXSA:2019-4346:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4346:06 advisory. OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) OpenJDK: Unexpected exception thrown during regular...

CVSS 6.8, AI score 6.8, EPSS 0.03749
Exploits 0, References 15

Positive Technologies
added 2026/01/15 12:0 a.m., 5 views

PT-2026-3232

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.1.6. Description: Apache Airflow versions before 3.1.6 did not properly handle sensitive information within proxy URLs in Connection objects. Specifically, proxy credentials embedded in the proxies and proxy...

CVSS 7.8, AI score 6.4, EPSS 0.01979
Exploits 0, References 18

Positive Technologies
added 2026/01/15 12:0 a.m., 7 views

PT-2026-3231

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.1.6. Description: When rendered template fields in a Dag exceed max templated field length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This is due to the serialization of these...

CVSS 7.8, AI score 5.2, EPSS 0.00586
Exploits 0, References 14

GitHub Security Blog
added 2026/01/13 6:47 p.m., 12 views

Envoy Extension Policy lua scripts injection causes arbitrary command execution

Impact: Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the EnvoyExtensionPolicy resource. Administrators can use Kubernetes RBAC to grant users the ability to create EnvoyExtensionPolicy resources. Lua scripts in policies are executed in two contexts: An...

CVSS 8.8, AI score 8, EPSS 0.00481
Exploits 1, References 3, Affected Software 1

OSV
added 2026/01/13 6:47 p.m., 4 views

GHSA-XRWG-MQJ6-6M22 Envoy Extension Policy lua scripts injection causes arbitrary command execution

Impact: Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the EnvoyExtensionPolicy resource. Administrators can use Kubernetes RBAC to grant users the ability to create EnvoyExtensionPolicy resources. Lua scripts in policies are executed in two contexts: An...

CVSS 8.8, AI score 7.9, EPSS 0.00481
Exploits 1, References 3

CNNVD
added 2026/01/12 12:0 a.m., 6 views

Envoy Gateway code injection vulnerability

Envoy Gateway is an open-source project that uses Envoy Proxy as a gateway for standalone or Kubernetes-based applications. A code injection vulnerability exists in Envoy Gateway versions prior to 1.5.7 and prior to 1.6.2 that stems from the EnvoyExtensionPolicy Lua script that could...

CVSS 8.8, AI score 6.9, EPSS 0.00481
Exploits 1, References 1

RedhatCVE
added 2026/01/09 12:41 p.m., 7 views

CVE-2023-25722

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...

CVSS 5.5, AI score 6.7, EPSS 0.00206
Exploits 0, References 1

IBM Security Bulletins
added 2026/01/09 5:25 a.m., 6 views

Security Bulletin: Potential Leakage of Proxy Credentials During Cross-Origin Redirects affect IBM watsonx.data

Summary: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-4673. DESCRIPTION: Proxy-Authorization and Proxy-Authenticate headers persisted on...

CVSS 6.8, AI score 6.8, EPSS 0.0056
Exploits 0, Affected Software 1

Positive Technologies
added 2026/01/01 12:0 a.m., 6 views

PT-2026-5131

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: An issue exists in the libsoup HTTP library where proxy authentication credentials can be sent to unintended destinations. This occurs because, during HTTP redirects to a different host, the...

CVSS 5.8, AI score 5.7, EPSS 0.00423
Exploits 2, References 29

RedhatCVE
added 2025/12/19 6:54 a.m., 5 views

CVE-2025-34451

A flaw was found in proxychains-ng. An attacker can exploit a stack-based buffer overflow vulnerability in the proxyfromstring function by providing crafted proxy configuration entries containing overly long username or password fields. This can lead to memory corruption or application crashes,...

CVSS 7.8, AI score 7, EPSS 0.00218
Exploits 1, References 7

OSV
added 2025/11/18 11:54 a.m., 3 views

CLSA-2025-1763413374 Fix CVE(s): CVE-2025-62168

SECURITY UPDATE: information disclosure in error handling - debian/patches/CVE-2025-62168.patch: Fix bug where proxy auth data was visible to scripts by redacting credentials from error page code expansion output and email links - CVE-2025-62168...

CVSS 10, AI score 7.3, EPSS 0.6332
Exploits 1, References 1

RedhatCVE
added 2025/10/10 4:20 p.m., 3 views

CVE-2025-9868

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...

CVSS 8.7, AI score 7.2, EPSS 0.00462
Exploits 0, References 1

NVD
added 2025/10/08 6:15 p.m., 5 views

CVE-2025-9868

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...

CVSS 8.7, EPSS 0.00462
Exploits 0, References 1

CVE
added 2025/10/08 5:7 p.m., 27 views

CVE-2025-9868

The vulnerability is a Server-Side Request Forgery (SSRF) in the Remote Browser Plugin of Sonatype Nexus Repository 2.x, up to and including 2.15.2. The issue allows unauthenticated remote attackers to exfiltrate proxy repository credentials by crafting HTTP requests. The root cause is SSRF in th...

CVSS 8.7, AI score 6.8, EPSS 0.00462
Exploits 0, References 1

Cvelist
added 2025/10/08 5:7 p.m., 12 views

CVE-2025-9868 Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...

CVSS 8.7, EPSS 0.00462
Exploits 0, References 1

EUVD
added 2025/10/08 5:7 p.m., 5 views

EUVD-2025-33291

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...

CVSS 8.7, AI score 6.7, EPSS 0.00462
Exploits 0, References 2