Lucene search
K

1287 matches found

CVE
CVE
added 2 days ago12 views

CVE-2026-62147

CVE-2026-62147 affects the Tempo Operator, specifically its gateway component. When query RBAC is enabled, the gateway fails to consistently apply namespace-scoped redaction on certain query API response paths, allowing an authenticated user to read span attributes belonging to other tenants’ nam...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-62147

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Mitigation There is no mitigation or workarou...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57809

Name of the Vulnerable Software and Affected Versions Tempo Operator affected versions not specified Description The gateway component fails to consistently apply namespace-scoped redaction on certain query API response paths when query RBAC Role-Based Access Control is enabled. This allows an...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 10:16 a.m.10 views

CVE-2026-48828

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS0.00664EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 9:18 a.m.4 views

CVE-2026-48828 Apache Airflow: Bulk JSON Variables bypass should_hide_value_for_key - redact() called without the key

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS6AI score0.00664EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/07 9:18 a.m.6 views

EUVD-2026-42028

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 3:58 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.1 release

Red Hat OpenShift distributed tracing platform Tempo 3.10.1 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements and bug fixes. Breaking changes: None Deprecations: None Technology Preview features: None Enhancements: None Bug...

5.3CVSS6AI score0.0037EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 3:51 p.m.8 views

EUVD-2026-40374

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 9:6 a.m.3 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

4.3CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.27 views

CVE-2026-57287

Affected product: Jenkins Job Configuration History Plugin. Vulnerable component: historical job/agent configuration display. Root cause: plugin versions 1356.ve360da_6c523a_ and earlier fail to redact encrypted secret values when shown in history, enabling disclosure to users with Extended Read....

4.3CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 5:22 p.m.14 views

netlicensing-mcp: REST Path Traversal Bypasses Token Redaction

REST Path Traversal Bypasses Token Redaction in netlicensing-mcp Summary The netlicensinggetproduct MCP tool in netlicensing-mcp interpolates a caller-controlled productnumber argument directly into a REST URL path without any validation. Passing ../token as the product number causes httpx to...

5.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 11:48 a.m.6 views

BIT-MONGODB-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2025-46313

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.5CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 6:47 p.m.19 views

CVE-2025-46313

CVE-2025-46313 describes a logging issue in macOS Tahoe 26.1 where sensitive user data could be exposed due to insufficient data redaction. Affected product: macOS Tahoe (specific version prior to 26.1). Root cause: inadequate redaction in log/data handling within the system components. Impact: a...

5.5CVSS5.4AI score0.0013EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/11 6:47 p.m.10 views

EUVD-2025-210112

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.4AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.12 views

CVE-2025-46313

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

6.5AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 6:47 p.m.28 views

CVE-2025-46313

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 12:16 p.m.15 views

CVE-2026-53912

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 10:3 a.m.29 views

CVE-2026-53912 Cerebrate self-registration password hash exposure via inbox and audit log views

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS0.00242EPSS
Exploits0References1
Rows per page
Query Builder