
71 matches found

NVD
added 3 hours ago | 7 views

CVE-2026-57951

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

CVSS 7.1
Exploits: 0 | References: 4

EUVD
added 4 hours ago | 4 views

EUVD-2026-40168

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

CVSS 7.1 | AI score 5.8
Exploits: 0 | References: 4

Snyk
added 2026/05/28 6:24 p.m. | 5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the stderr output when verbose logging is enabled. An attacker can obtain sensitive cluster credentials by accessing the stderr stream, which may be exposed through CI job logs,...

CVSS 8 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 2

EUVD
added 2026/05/28 3:47 p.m. | 10 views

EUVD-2026-32932

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 4

CVE
added 2026/05/28 3:47 p.m. | 21 views

CVE-2026-6720

Calico component calicoctl is affected. When run with --log-level=info or --log-level=debug, it prints the full contents of its loaded connection-configuration struct to stderr in a single log line, exposing credentials (inline kubeconfig with bearer token, Kubernetes API bearer token, etcd passw...

CVSS 7.2 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/28 3:47 p.m. | 9 views

CVE-2026-6720 Calicoctl leaks cluster credentials to stderr when verbose logging is enabled

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVSS 7.2 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 4

Amazon
added 2026/05/15 12:0 a.m. | 13 views

Low: socat

Issue Overview: readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Affected Packages: socat Issue Correction: Run dnf update socat --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1701 --releasever 2023.11.20260514 to update your system...

CVSS 9.8 | AI score 6.8 | EPSS 0.00778
Exploits: 0

Positive Technologies
added 2026/05/14 12:0 a.m. | 14 views

PT-2026-41149

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.call tool in src/dbt mcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the cal...

CVSS 2.5 | AI score 6 | EPSS 0.00012
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/25 12:0 a.m. | 7 views

Oracle Linux 9 : ELSA-2025-20559-0: / shadow-utils (ELSA-2025-205590)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-205590 advisory. 2:4.9-15 - nss.c: shadowlogfd to stderr. Resolves: RHEL-83431 - vipw: restore the original terminal pgrp after editing. Resolves: RHEL-70844 and RHEL-72940...

CVSS 3.6 | AI score 6.1 | EPSS 0.004
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2013-4409

Malware in sbrugna...

CVSS 5.1 | AI score 6 | EPSS 0.02224
Exploits: 0 | References: 8

Tenable Nessus
added 2025/10/07 12:0 a.m. | 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: socat (UTSA-2025-986111)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986111 advisory. readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file. Tenable has extracted the preceding description block directly from the Unity Linux securit...

CVSS 9.8 | AI score 6.8 | EPSS 0.00778
Exploits: 0 | References: 4

AstraLinux
added 2025/02/11 7:35 a.m. | 3 views

Astra Linux – Vulnerability in Socat

readline.sh in Socat versions before 1.8.0.2 relies on the /tmp/$USER/stderr2 file...

CVSS 9.8 | AI score 6.8 | EPSS 0.00778
Exploits: 0 | References: 3

Microsoft CVE
added 2025/01/15 8:0 a.m. | 4 views

readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file.

...

CVSS 9.8 | AI score 6.9 | EPSS 0.00778
Exploits: 0

OSV
added 2024/12/04 5:15 a.m. | 9 views

AZL-53960 CVE-2024-54661 affecting package socat for versions less than 1.7.4.4-2

readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file...

CVSS 9.8 | AI score 7 | EPSS 0.00778
Exploits: 0 | References: 1

Github Security Blog
added 2024/01/23 2:43 p.m. | 13 views

Unsound sending of non-Send types across threads in threadalone

Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...

AI score 7
Exploits: 0 | References: 3 | Affected Software: 1

RustSec
added 2024/01/07 12:0 p.m. | 8 views

Unsound sending of non-Send types across threads

Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...

AI score 7
Exploits: 0 | Affected Software: 1

Metasploit
added 2023/04/12 7:43 p.m. | 201 views

Command Shell, Reverse SCTP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2023/02/23 12:0 a.m. | 86 views

Siemens SCALANCE X-200RNA Switch Devices Inappropriate Encoding For Output Context (CVE-2019-6110)

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. - In OpenSSH 7.9, due to accepting and...

CVSS 6.8 | AI score 7.1 | EPSS 0.20906
Exploits: 8 | References: 9

SUSE CVE
added 2023/02/15 5:28 a.m. | 3 views

SUSE CVE-2014-3672

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service host disk consumption by writing to stdout or stderr...

CVSS 6.5 | AI score 6.3 | EPSS 0.00471
Exploits: 0 | References: 10

SUSE CVE
added 2023/02/15 4:16 a.m. | 3 views

SUSE CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...

CVSS 4.6 | AI score 8.3 | EPSS 0.20906
Exploits: 8 | References: 16