8287 matches found
CVE-2025-13494
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
CVE-2025-13494
The CVE covers the WordPress plugin SSP Debug (WordPress SSP Debugging) with versions up to and including 1.0.0. Root cause: the plugin stores PHP error logs in a web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without access controls. Impact: unauthenticated attackers can vi...
EUVD-2025-201342
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
CVE-2025-13494 SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
SUSE CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
ReQuest Serious Play F3 Media Server 日志信息泄露漏洞
ReQuest Serious Play F3 Media Server is a digital media server from ReQuest Serious Play USA. A log information disclosure vulnerability exists in ReQuest Serious Play F3 Media Server versions 7.0.3.4968, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823, which originates from an...
PT-2025-49270
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...
CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
UBUNTU-CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
CVE-2025-40226
CVE-2025-40226: In the Linux kernel, the SCMI firmware debug subsystem may fail to initialize, leaving the debug root missing and the descriptor NULL. The fix adds fault handling in SCMI debug helpers that maintain metrics counters to cope with a NULL descriptor when initialization fails.
CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
EUVD-2025-201233
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
Ansible Community General Collection is vulnerable to exposure of sensitive information
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
GHSA-8GGH-XWR9-3373 Ansible Community General Collection is vulnerable to exposure of sensitive information
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
DEBIAN-CVE-2025-14010
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
CVE-2025-14010 Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
CVE-2025-14010 Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
Community General Collection 安全漏洞
Community General Collection is a collection of automation tools open-sourced by Ansible Collections. A security vulnerability exists in ansible-collection-community-general, which stems from exporting sensitive credentials in debug mode, which could lead to information disclosure...