PT-2025-50108

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0 through 7.4.3 FortiProxy versions 7.2.0 through 7.4.3 FortiPAM versions 1.0 through 1.4 FortiSRA version 1.4 Description A flaw exists where sensitive information can be written to log files. Specifically, a read-only...

PT-2025-50170

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A heap-based buffer overflow exists in the Windows Common Log File System Driver. This issue allows a locally authorized attacker to gain elevated privileges. The issue involves an...

KLA90812 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote cod...

KLA90811 Multiple vulnerabilities in Microsoft Product (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, spoof user interface, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a...

Microsoft Windows Common Log File System Driver 安全漏洞

The Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System CLFS API that provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize logging and access. access. A...

KB5071507: Windows Server 2008 Security Update (December 2025)

The remote Windows host is missing security update 5071507. It is, therefore, affected by multiple vulnerabilities - Untrusted pointer dereference in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network. CVE-2025-62549 - Null pointer...

CVE-2025-64650

CVE-2025-64650 affects IBM Storage Defender - Resiliency Service for versions 2.0.0–2.0.18, with a disclosed vulnerability where sensitive user credentials could be exposed in log files. The issue is documented across multiple sources (IBM Security Bulletin and Red Hat/EU ENISA entries) and is ti...

CVE-2025-13494 SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...

CVE-2025-12996

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

CVE-2025-12996

Medtronic CareLink Network is affected. A local attacker with access to log files on an internal API server can view plaintext passwords from errors logged under certain circumstances, causing information disclosure. This affects versions prior to December 4, 2025. Remediation per PT-2025-49126 i...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to logging as unsanitized plaintext. An attacker can gain unauthorized access to sensitive information and potentially escalate privileges by accessing unsanitized logs containing...

BIT-NGINX-AGENT-2023-1550 NGINX Agent vulnerability CVE-2023-1550

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...

CVE-2025-13611 Insertion of Sensitive Information into Log File in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions...

CVE-2025-13611 Insertion of Sensitive Information into Log File in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions...

PT-2025-47693

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp ajax nopriv checkbox clean log' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

TencentOS Server 4: clamav (TSSA-2025:0012)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0012 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...