497 matches found

CVE
added 2025/04/17 3:47 p.m. · 49 views

CVE-2025-32613

The CVE-2025-32613 issue affects Bowo Debug Log Manager up to version 2.3.4, with Stored XSS caused by improper neutralization of input during web page generation. The PT-2025-17139 entry confirms the vulnerability and recommends updating to a fixed version, though no specific patched version is ...

CVSS 7.1 · AI score 5.9 · EPSS 0.00235
Exploits: 0 · References: 1
CNNVD
added 2025/04/17 12:0 a.m. · 1 views

WordPress plugin Debug Log Manager Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 7.1 · AI score 6.5 · EPSS 0.00235
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/17 12:0 a.m. · 3 views

PT-2025-17139 · Unknown · Bowo Debug Log Manager

Name of the Vulnerable Software and Affected Versions: Bowo Debug Log Manager versions through 2.3.4. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious...

CVSS 7.1 · AI score 6.5 · EPSS 0.00235
Exploits: 0 · References: 3
CVE
added 2025/04/09 2:42 p.m. · 72 views

CVE-2025-27391

CVE-2025-27391 affects Apache ActiveMQ Artemis. When debug logging is enabled for the broker, the system logs all broker property values via the ConfigurationImpl logger, potentially exposing sensitive information. Affected versions are from 1.5.1 up to (but not including) 2.40.0. Impact is expos...

CVSS 6.8 · AI score 6.5 · EPSS 0.00337
Exploits: 0 · References: 2 · Affected Software: 1
CNVD
added 2025/03/27 12:0 a.m. · 3 views

GPT Academic Cross-Site Scripting Vulnerability

GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site scripting vulnerability that stems from the Latex Proof-Reading Module's lack of effective filtering and escaping of user-supplied data, which ca...

CVSS 5.4 · AI score 6.2 · EPSS 0.00363
Exploits: 1 · References: 1
Vulnrichment
added 2025/03/20 10:10 a.m. · 6 views

CVE-2025-0183 Stored XSS in binary-husky/gpt_academic

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00363
Exploits: 1 · References: 1
CNNVD
added 2025/03/20 12:0 a.m. · 5 views

GPT Academic Cross-Site Scripting Vulnerability

GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site scripting vulnerability that stems from the Latex Proof-Reading Module's lack of effective filtering and escaping of user-supplied data, which ca...

CVSS 5.4 · AI score 6.1 · EPSS 0.00363
Exploits: 1 · References: 2
CNNVD
added 2025/03/02 12:0 a.m. · 3 views

IBM Cognos Analytics Mobile Security Vulnerability

IBM Cognos Analytics Mobile is an application from International Business Machines (IBM) that integrates reporting, modeling, analytics, dashboards, cases, and event management. A security vulnerability exists in IBM Cognos Analytics Mobile version 1.1, which originates from debug code log message...

CVSS 2.4 · AI score 6.6 · EPSS 0.00185
Exploits: 0 · References: 3
HackerOne
added 2025/02/19 9:17 p.m. · 1479 views

Autodesk: Exposing debug.log file leads to server full path disclosure

Vulnerability description not provided...

AI score 7.1
Exploits: 0
RedhatCVE
added 2025/02/05 3:43 p.m. · 6 views

CVE-2020-5262

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master (+ develop) branches of the...

CVSS 7.7 · AI score 6.6 · EPSS 0.00538
Exploits: 1
RedhatCVE
added 2025/02/05 6:57 a.m. · 6 views

CVE-2024-32582

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.1...

CVSS 7.1 · AI score 5.2 · EPSS 0.00333
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 1:14 a.m. · 8 views

CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

CVSS 7.5 · AI score 7 · EPSS 0.51466
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-2236 · WordPress · Ecpay Ecommerce For Woocommerce

Name of the Vulnerable Software and Affected Versions: ECPay Ecommerce for WooCommerce plugin for WordPress versions up to, and including, 1.1.2411060. Description: The issue is related to a missing capability check on the 'clear ecpay debug log' AJAX action. This allows authenticated attackers wi...

CVSS 4.3 · AI score 9.1 · EPSS 0.00276
Exploits: 0 · References: 6
OSV
added 2025/01/14 7:15 a.m. · 2 views

CVE-2024-12008

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...

CVSS 7.5 · AI score 7.2
Exploits: 0 · References: 3
NVD
added 2025/01/14 7:15 a.m. · 22 views

CVE-2024-12008

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...

CVSS 7.5 · EPSS 0.02027
Exploits: 0 · References: 3
CVE
added 2025/01/14 7:5 a.m. · 56 views

CVE-2024-12008

CVE-2024-12008 (W3 Total Cache for WordPress) is described in connected Red Hat documentation as a vulnerability to Information Exposure in all versions up to and including 2.8.1, exposed via the publicly accessible debug log file. The issue allows unauthenticated attackers to view potentially se...

CVSS 7.5 · AI score 5 · EPSS 0.02027
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2025/01/14 7:5 a.m. · 11 views

CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...

CVSS 5.3 · AI score 5 · EPSS 0.02027
Exploits: 0 · References: 3
Cvelist
added 2025/01/14 7:5 a.m. · 24 views

CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...

CVSS 5.3 · EPSS 0.02027
Exploits: 0 · References: 3
Positive Technologies
added 2025/01/14 12:0 a.m. · 5 views

PT-2025-1728

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin for WordPress versions 2.8.1 and earlier. Description: The issue allows unauthenticated attackers to view potentially sensitive information in the exposed log file, which may contain nonce values that can be used in further...

CVSS 7.5 · AI score 8.2 · EPSS 0.02027
Exploits: 0 · References: 9
CVE
added 2024/11/21 9:28 a.m. · 88 views

CVE-2024-52067

CVE-2024-52067 affects Apache NiFi 1.16.0–1.28.0 and 2.0.0-M1–2.0.0-M4. The issue is optional debug logging of Parameter Context values during flow synchronization, which an authorized admin could enable to write parameter names and values to logs. Deployments with the default Logback config do n...

CVSS 6.9 · AI score 6.2 · EPSS 0.00737
Exploits: 0 · References: 2 · Affected Software: 1