Lucene search
K

91 matches found

NVD
NVD
added 2025/07/08 5:16 p.m.4 views

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

6.5CVSS0.00315EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/08 4:47 p.m.2 views

CVE-2025-53512 Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

6.5CVSS6.3AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2025/07/08 4:47 p.m.32 views

CVE-2025-53512

CVE-2025-53512 concerns Juju controllers where the /log endpoint is accessible to authenticated users without proper authorization checks, enabling exposure of debug log messages that may contain sensitive information. Affected component: Juju controller API/server logic handling log streaming. R...

6.5CVSS6.3AI score0.00315EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.3 views

PT-2025-28633

Name of the Vulnerable Software and Affected Versions: Juju affected versions not specified Description: The issue concerns the "/log" endpoint on a Juju controller, which lacked sufficient authorization checks. This allowed unauthorized users to access debug messages that could contain sensitive...

6.5CVSS6.1AI score0.00315EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/05/21 11:6 p.m.13 views

CVE-2008-7261

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...

2.1CVSS6AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 1:30 p.m.240 views

CVE-2025-2469

GitLab CE/EE (versions 17.9 up to 17.9.5, 17.10 up to 17.10.3) contains a vulnerability where runtime profiling data of a specific service was accessible to unauthenticated users. The available sources consistently describe the issue as affecting GitLab CE/EE 17.9 before 17.9.6 and 17.10 before 1...

5.3CVSS4.3AI score0.00344EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/03 9:40 a.m.13 views

CVE-2025-31001

Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...

7.5CVSS7.2AI score0.00476EPSS
Exploits0References1
NVD
NVD
added 2025/04/01 6:15 a.m.15 views

CVE-2025-31001

Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...

7.5CVSS0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 5:32 a.m.5 views

CVE-2025-31001 WordPress GTM Kit plugin <= 2.4.0 - Sensitive Data Exposure vulnerability

Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...

7.5CVSS8.6AI score0.00476EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/01 5:32 a.m.31 views

CVE-2025-31001 WordPress GTM Kit plugin <= 2.4.0 - Sensitive Data Exposure vulnerability

Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...

7.5CVSS0.00476EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 5:32 a.m.79 views

CVE-2025-31001

CVE-2025-31001 affects GTM Kit – Google Tag Manager & GA4 integration (GTM Kit) prior to version 2.4.0. The issue is an unauthenticated exposure of sensitive information via debug messages, as indicated by the vulnerability entry. CVSS v3.1 vectors show Network access, low attack complexity, no p...

7.5CVSS7.2AI score0.00476EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.7 views

PT-2025-14073 · Unknown · Tla Media Gtm Kit

Name of the Vulnerable Software and Affected Versions: TLA Media GTM Kit versions n/a through 2.3.1 Description: The issue allows retrieval of embedded sensitive data due to debug messages revealing unnecessary information. Recommendations: For versions n/a through 2.3.1, update to a version that...

7.5CVSS7.8AI score0.00476EPSS
Exploits0References5
OSV
OSV
added 2025/03/04 8:28 a.m.5 views

SUSE-SU-2025:20132-1 Security update for pam_u2f

This update for pamu2f fixes the following issues: - update to 1.3.2: Relax authfile permission check to a warning instead of an error to prevent a breaking change locking existing users out of their systems. - update to 1.3.1: CVE-2025-23013: Fixed problematic PAMIGNORE return values in...

7.3CVSS5.6AI score0.00397EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2012-0814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows...

6.5CVSS6.3AI score0.03672EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/17 6:21 a.m.14 views

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...

9.8CVSS7.5AI score0.26811EPSS
Exploits2References65
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.38 views

RHEL 6 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: loading of untrusted PKCS11 modules in ssh-agent CVE-2016-10009 - openssh: Bounds check can be...

7.8CVSS7.3AI score0.58568EPSS
Exploits12References6
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.20 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Debug Messages Revealing Unnecessary Information (CVE-2023-5392)

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. This...

7.5CVSS5.5AI score0.00476EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/10 12:0 a.m.6 views

Dell BSAFE Information Disclosure Vulnerability

Dell BSAFE is a security software product from Dell Inc. that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security TLS encryption suites, among other things, to help users achieve a variety of security goals for their applications. An information disclosur...

4.4CVSS6.1AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.5 views

PT-2024-12152 · Dell · Bsafe Ssl-J

Name of the Vulnerable Software and Affected Versions: Dell BSAFE SSL-J versions prior to 6.5 Dell BSAFE SSL-J versions 7.0 and 7.1 Description: The issue is related to a debug message revealing unnecessary information, which may lead to disclosing sensitive information to a locally privileged...

4.4CVSS4.6AI score0.00176EPSS
Exploits0References5
Veracode
Veracode
added 2023/06/29 9:21 a.m.24 views

Information Disclosure

Vaadin is vulnerable to Information Disclosure. The vulnerability exists due to lack of masking sensitive debug messages which allows an attacker to view information such as class and method names included in RPC responses by sending modified requests...

4.3CVSS6.5AI score0.00514EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder