Lucene search
K

4579 matches found

Microsoft CVE
Microsoft CVE
added 2025/06/10 7:0 a.m.9 views

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS7.7AI score0.00643EPSS
Exploits0
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.3 views

Microsoft Windows Common Log File System Driver 安全漏洞

The Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System CLFS API that provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize logging and access. access. A...

7.8CVSS9.2AI score0.00643EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.4 views

PT-2025-24827 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: A heap-based buffer overflow issue in the Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Recommendations: A...

7.8CVSS9.4AI score0.00643EPSS
Exploits0References10
OSV
OSV
added 2025/06/06 3:49 p.m.3 views

GHSA-QX7G-FX8Q-545G Para Inserts Sensitive Information into Log File for Facebook authentication

CWE ID: CWE-532 Insertion of Sensitive Information into Log File CVSS: 6.2 Medium Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Component: Facebook Authentication Logging Version: Para v1.50.6 File Path:...

6.2CVSS5.9AI score0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/05 4:40 p.m.21 views

CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...

6.2CVSS0.00145EPSS
Exploits0References2
CVE
CVE
added 2025/06/05 4:40 p.m.63 views

CVE-2025-49009

Para’s CVE-2025-49009 affects the Para server (Facebook authentication flow) via FacebookAuthFilter.java, where a failed request to Facebook’s profile endpoint logs the full URL including the user’s access token in plaintext. The issue exists in versions prior to 1.50.8 and is mitigated by upgrad...

6.2CVSS6.3AI score0.00145EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/06/05 12:0 a.m.8 views

The vulnerability of the django.utils.log.log_response() function in the Django web application framework allows a hacker to gain access and modify data in the log file.

The vulnerability of the django.utils.log.logresponse function in the Django web application framework is related to improper handling of log file output. Exploiting this vulnerability can allow an attacker to gain access and modify data in the log files...

4CVSS7.5AI score0.006EPSS
Exploits0References9Affected Software6
UbuntuCve
UbuntuCve
added 2025/06/04 2:0 p.m.6 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

5.3CVSS7.2AI score0.006EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/30 8:1 p.m.14 views

Para Server Logs Sensitive Information

CWE ID: CWE-532 Insertion of Sensitive Information into Log File CVSS: 7.5 High Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Component: Para Server Initialization Logging Version: Para v1.50.6 File Path:...

6.2CVSS7.1AI score0.00145EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/30 8:1 a.m.28 views

CVE-2025-46777

A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...

2.7CVSS6.3AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/28 7:56 a.m.43 views

CVE-2025-46777

A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...

2.3CVSS0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 7:56 a.m.6 views

CVE-2025-46777

A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...

2.3CVSS6.3AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2025/05/28 7:56 a.m.63 views

CVE-2025-46777

Fortinet FortiPortal is affected by a log information disclosure vulnerability. In FortiPortal versions 7.4.0, 7.2.0–7.2.5, and 7.0.0–7.0.9, an authenticated user with at least read-only admin permissions may cause sensitive data to be written to the system log, allowing viewing of encrypted secr...

2.7CVSS3.4AI score0.00209EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.5 views

ISC Kea 安全漏洞

ISC Kea is a modern open source DHCPv4 and DHCPv6 server from the ISC organization. A security vulnerability exists in ISC Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8, which stems from the possibility that the log file or lease file may be globally readable, whi...

4CVSS6.1AI score0.0021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:49 a.m.15 views

CVE-2024-43990

Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8...

5.3CVSS6.9AI score0.00367EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.8 views

CVE-2024-9364

The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpmailplusclearlogs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

4.3CVSS6.4AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.10 views

CVE-2024-38862

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35, 2.1.0p48 and =2.0.0p39 EOL causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators...

5.1CVSS6.8AI score0.00322EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.7 views

CVE-2024-43781

A vulnerability has been identified in SINUMERIK 828D V4 All versions V4.95 SP3, SINUMERIK 840D sl V4 All versions V4.95 SP3 in connection with using Create MyConfig CMC = V4.8 SP1 HF6, SINUMERIK ONE All versions V6.23 in connection with using Create MyConfig CMC = V6.6, SINUMERIK ONE All version...

6.8CVSS6.1AI score0.00155EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.8 views

CVE-2024-42344

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 SP2. The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the...

5.5CVSS6.2AI score0.00155EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:20 a.m.8 views

CVE-2024-3682

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extrac...

5.3CVSS6.4AI score0.00581EPSS
Exploits0References1
Rows per page
Query Builder