50 matches found
Improper Encoding or Escaping of Output
Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Log4j1XmlLayout plugin. An attacker can cause log events to be silently lost or downstream log processing systems to drop ...
CVE-2025-59090
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
CVE-2025-59090
CVE-2025-59090 affects dormakaba exos 9300 systems where an unauthenticated SOAP API is exposed on port 8002. The API is reachable without credentials, enabling an attacker with network access to create arbitrary access log events and query 2FA PINs linked to enrolled chip cards. CVSS metrics in ...
CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
BIT-MEDIAWIKI-2024-40597
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. The logdeleted attribute is not respected...
CVE-2024-40596
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...
MediaWiki Information Disclosure Vulnerability (CNVD-2024-31484)
MediaWiki is a free content management system written in PHP , which is widely used in Wikipedia and other websites. It is highly extensible and customizable , providing users with a convenient platform to create and manage content . MediaWiki has an information disclosure vulnerability. An...
BIT-MEDIAWIKI-2024-40596
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...
BIT-MEDIAWIKI-2024-40598
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The logdeleted attribute is not applied to entries...
CVE-2024-40596
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...
CVE-2024-40596
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...
CVE-2024-40598
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The logdeleted attribute is not applied to entries...
CVE-2024-40598
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The logdeleted attribute is not applied to entries...
CVE-2024-40597
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. The logdeleted attribute is not respected...
MediaWiki 安全漏洞
MediaWiki is a free content management system written in PHP , which is widely used in Wikipedia and other websites. It is highly extensible and customizable , providing users with a convenient platform to create and manage content . MediaWiki has an information disclosure vulnerability. An...
CVE-2024-40597
The CVE-2024-40597 vulnerability affects the MediaWiki CheckUser extension up to version 1.42.1, where the log_deleted attribute is not respected, allowing exposure of suppressed log-event information. Impact: potential disclosure of sensitive log data (confidentiality is HIGH per CVSS). The issu...
CVE-2024-40598
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The logdeleted attribute is not applied to entries...
CVE-2024-40598
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The logdeleted attribute is not applied to entries...
CVE-2024-40596
CVE-2024-40596 affects MediaWiki’s CheckUser extension through version 1.42.1. The vulnerability arises in the Special:Investigate feature, which can expose suppressed information for log events because the TimelineService does not properly suppress it. Affected component: CheckUser extension (Me...