Linux Distros Unpatched Vulnerability : CVE-2026-8200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the sourceConfig and runtimeConfig alias fields, which were not properly redacted. An attacker can obtain sensitive...
CVE-2026-20603
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information...
CVE-2026-20619
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data...
Insertion of Sensitive Information Into Sent Data
Amendment: This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: William Ashe...
CVE-2025-66388
CVE-2025-66388 affects Apache Airflow where an authenticated UI user could view secret values in rendered templates because secrets were not properly redacted. This information disclosure vulnerability enables access to sensitive data without additional authorization. Public sources in connected ...
GHSA-RC54-2G2C-G36G OpenBao and Vault Leak []byte Fields in Audit Logs
Impact: OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to: - sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log. - Transit, when performing...
EUVD-2024-20748
Malicious code in bioql PyPI...
EUVD-2022-45902
Malicious code in bioql PyPI...
EUVD-2024-2498
Malicious code in bioql PyPI...
EUVD-2023-0951
Malicious code in bioql PyPI...
EUVD-2024-20729
Malicious code in bioql PyPI...
CVE-2025-43303
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data...
Apple macOS Tahoe Security Vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
GHSA-3X3Q-GHCP-WHF7 Template Secret leakage in logs in Scaffolder when using `fetch:template`
A logging flaw in Backstage Scaffolder’s fetch:template action up to @backstage/plugin-scaffolder-backend 2.1.0 may write template secrets to logs. The action emitted a duplicate, pre-redaction copy of input parameters, so values provided via the secrets bag could appear in local/server logs when...
CVE-2025-55285
The CVE-2025-55285 issue affects the Backstage scaffolder-backend plugin. Before version 2.1.1, the fetch:template action could duplicate the input log path, causing some secrets passed via the {{ secrets }} bag to be written to logs instead of being redacted. Affected product: @backstage/plugin-...
PT-2025-33503 · Backstage · @Backstage/Plugin-Scaffolder-Backend
Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 2.1.1 Description: The backend for the default Backstage software templates exhibited duplicate logging of input values in the fetch:template action within the Scaffolder. This resulted i...
CVE-2025-53886 Directus doesn't redact tokens in Flow logs
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...
CVE-2024-6300
Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction...
CVE-2024-54549
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data...