4596 matches found
MagnusBilling Login Logs - Cross-Site Scripting
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...
Kibana 8.x < 8.18.9 / 8.19.x < 8.19.6 / 9.0.x < 9.0.8 / 9.1.x < 9.1.6 Information Disclosure (ESA-2026-50)
The version of Kibana installed on the remote host is 8.x prior to 8.18.9, 8.19.x prior to 8.19.6, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.6. It is, therefore, affected by an information disclosure vulnerability: - Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to...
CVE-2026-56459
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
EUVD-2026-42547
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-14345
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
CVE-2026-14345 WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
CVE-2026-14345
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
EUVD-2026-42009
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
CVE-2026-14345
The CVE-2026-14345 entry concerns the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell (WordPress plugin). Affected versions up to and including 3.12.7 are vulnerable to Remote Code Execution via the postData parameter. The root cause is an unsanitized write of attacker...
PT-2026-56149
Name of the Vulnerable Software and Affected Versions WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell versions prior to 3.12.8 Description Unauthenticated attackers can achieve Remote Code Execution by sending unsanitized values through the postData parameter. The plug...
CVE-2026-46467
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...
CVE-2026-46467
Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an insertion of sensitive information into log files. A low-privileged, local attacker could exploit this to cause information exposure. The CVE is documen...
EUVD-2026-41543
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...
CVE-2026-46467
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...
CVE-2026-49088
Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...
EUVD-2026-41093
Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...
CVE-2026-49088 Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure
Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...
CVE-2026-58037
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...
CVE-2026-12086 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...
PYSEC-2026-544 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...