19 matches found
CVE-2026-40945
Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...
EUVD-2025-1532
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-0194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7...
Linux Distros Unpatched Vulnerability : CVE-2024-7554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all version...
CVE-2024-9453
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...
CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...
CVE-2025-0194
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...
PT-2025-5270 · Microsoft · Intune +1
Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.7.0 through 0.7.14 Himmelblau versions 0.8.0 through 0.8.2 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debug logging is enabled, user access tokens are inadvertently...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the possibility th...
BIT-GITLAB-2021-39919
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...
PT-2023-30439 · Headscale · Headscale
Name of the Vulnerable Software and Affected Versions: Headscale versions through 0.22.3 Description: The issue allows Headscale to write bearer tokens to info-level logs. Recommendations: For versions through 0.22.3, consider restricting log access to minimize the risk of exploitation. At the...
FreeBSD : Gitlab -- Vulnerabilities (fa239535-30f6-11ee-aef9-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fa239535-30f6-11ee-aef9-001b217b3468 advisory. - An issue has been discovered in GitLab affecting all versions starting from 15.2 before...
PT-2023-3262 · Kubernetes · Secrets-Store-Csi-Driver
Name of the Vulnerable Software and Affected Versions: secrets-store-csi-driver versions prior to 1.3.3 Description: The issue is related to insufficient protection of registration data in the secrets-store-csi-driver component of Kubernetes. This can allow an attacker to gain unauthorized access...
PT-2021-22765 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.0 through 14.3.5 GitLab CE/EE versions 14.4 through 14.4.3 GitLab CE/EE versions 14.5 through 14.5.1 Description: The reset password token and new user email token are accidentally logged, which may lead to informatio...
CentOS 8 : .NET 5.0 (CESA-2021:3148)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3148 advisory. - dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423) - dotnet: Dump file created world-readable (CVE-2021-34485) - dotnet: ASP.NET Core J...
RHEL 8 : .NET 5.0 (RHSA-2021:3148)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3148 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
RHEL 8 : .NET Core 3.1 (RHSA-2021:3142)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3142 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
dotnet: ASP.NET Core JWT token logging
ASP.NET Core and Visual Studio Information Disclosure Vulnerability...
Red Hat OpenShift API Server Resource Management Error Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat that supports building, testing, deploying, and running applications. API Server is one of the API (Application Programming Interface) servers. The Red Hat OpenShift API Server has a resource management error...