Lucene search

497 matches found

Cvelist
added 2026/03/25 10:26 a.m., 17 views

CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds. When debug logging is enabled, cifs_set_cifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

0.00123 EPSS
Exploits 0, References 8
CNNVD
added 2026/03/25 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the storage of plaintext credentials in debug log records, potentially leading to credential exposure...

5.5 CVSS, 5.8 AI score, 0.00123 EPSS
Exploits 0, References 7
RedhatCVE
added 2026/02/20 7:22 a.m., 6 views

CVE-2026-2502

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...

6.1 CVSS, 5.8 AI score, 0.00265 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/02/19 4:36 a.m., 2 views

CVE-2026-2502

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...

6.1 CVSS, 6.1 AI score, 0.00265 EPSS
Exploits 0, References 6
CVE
added 2026/02/19 4:36 a.m., 14 views

CVE-2026-2502

CVE-2026-2502 concerns the WordPress plugin xmlrpc-attacks-blocker (versions up to and including 1.0). The vulnerability is a Stored XSS via the X-Forwarded-For header, caused by trusting attacker-controlled header data and rendering unescaped entries in the debug log. This allows unauthenticated...

6.1 CVSS, 5.8 AI score, 0.00265 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/02/19 12:0 a.m., 8 views

PT-2026-20641

Name of the Vulnerable Software and Affected Versions: xmlrpc attacks blocker plugin for WordPress versions prior to 1.1. Description: The xmlrpc attacks blocker plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to the plugin trusting and logging attacker-controlled...

6.1 CVSS, 5.5 AI score, 0.00265 EPSS
Exploits 0, References 7
ATTACKERKB
added 2026/02/14 3:9 p.m., 3 views

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names. The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

5.2 AI score, 0.00114 EPSS
Exploits 0, References 5, Affected Software 1
CVE
added 2026/01/21 10:36 p.m., 12 views

CVE-2026-24046

Backstage CVE-2026-24046 describes a symlink-based path traversal in multiple Scaffolder actions and archive extraction utilities. The vulnerability can allow reading arbitrary files (via debug:log), deleting files outside the workspace (via fs:delete), and writing outside the workspace during ar...

9.1 CVSS, 5.8 AI score, 0.00478 EPSS
Exploits 0, References 7
RedhatCVE
added 2026/01/09 12:28 p.m., 4 views

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

3.3 CVSS, 6.4 AI score, 0.00132 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 10:19 a.m., 7 views

CVE-2019-18958

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...

7.8 CVSS, 7 AI score, 0.00547 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 10:7 a.m., 19 views

CVE-2019-20003

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication...

6.1 CVSS, 5.7 AI score, 0.00702 EPSS
Exploits 1, References 1
CNVD
added 2025/12/12 12:0 a.m., 2 views

WordPress Debug Log Viewer plugin missing license vulnerability

WordPress Debug Log Viewer plugin is a tool for managing debug logs for WordPress systems. A lack of authorization vulnerability exists in the WordPress Debug Log Viewer plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...

5.4 CVSS, 6.8 AI score, 0.00168 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/12/10 2:23 p.m., 5 views

CVE-2025-67561

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Log Viewer: from n/a through <= 2.0.3...

5.4 CVSS, 7 AI score, 0.00168 EPSS
Exploits 0, References 1
EUVD
added 2025/12/09 6:30 p.m., 4 views

EUVD-2025-202085

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Log Viewer: from n/a through <= 2.0.3...

5.4 CVSS, 6.5 AI score, 0.00168 EPSS
Exploits 0, References 2
NVD
added 2025/12/09 4:18 p.m., 11 views

CVE-2025-67561

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Log Viewer: from n/a through <= 2.0.3...

5.4 CVSS, 0.00168 EPSS
Exploits 0, References 1
NVD
added 2025/12/09 4:17 p.m., 5 views

CVE-2022-50665

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected. It has a fail log which is ath11k_dbg in ath11k_dp_rx_process_mon_status, as below, it will not print when debug_mask is not set ATH11K_DBG_DATA. ath11k_dbg(ab,...

0.00198 EPSS
Exploits 0, References 3
OSV
added 2025/12/09 4:17 p.m., 3 views

DEBIAN-CVE-2022-50665

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected. It has a fail log which is ath11k_dbg in ath11k_dp_rx_process_mon_status, as below, it will not print when debug_mask is not set ATH11K_DBG_DATA. ath11k_dbg(ab,...

5.2 AI score, 0.00198 EPSS
Exploits 0, References 1
CVE
added 2025/12/09 2:14 p.m., 13 views

CVE-2025-67561

CVE-2025-67561 relates to the WordPress Debug Log Viewer plugin and describes a Broken Access Control / Missing Authorization vulnerability in versions up to and including 2.0.3. The issue stems from incorrectly configured access controls enabling an attacker to exploit the vulnerability; several...

5.4 CVSS, 6.6 AI score, 0.00168 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/12/09 2:14 p.m., 3 views

CVE-2025-67561 WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Log Viewer: from n/a through <= 2.0.3...

5.4 CVSS, 6.6 AI score, 0.00168 EPSS
Exploits 0, References 1
Cvelist
added 2025/12/09 2:14 p.m., 26 views

CVE-2025-67561 WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Log Viewer: from n/a through <= 2.0.3...

5.4 CVSS, 0.00168 EPSS
Exploits 0, References 1