64 matches found
CVE-2025-62358
WeGIA is a Web Manager for institutions. CVE-2025-62358 describes a Reflected XSS in the log parameter of configuracao_geral.php, prior to version 3.5.1, allowing an attacker to inject arbitrary JavaScript that runs in the victim’s browser. The issue is mitigated by upgrading to version 3.5.1 or ...
CVE-2025-62358 WeGIA Reflected XSS to Account TakeOver at /html/configuracao/configuracao_geral.php via log parameter
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracaogeral.php is vulnerable to Reflected Cross-Site Scripting XSS. An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This...
PT-2025-41819
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.1 Description WeGIA is a web management application designed for institutions, particularly those using the Portuguese language. A Reflected Cross-Site Scripting XSS issue exists in the log parameter of the...
WeGIA 跨站脚本漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA versions prior to 3.5.1, which stems from an unvalidated log parameter in configuracaogeral.php and could lead to a reflective cross-site scripting...
EUVD-2020-29776
Malware in sbrugna...
EUVD-2025-26728
Malicious code in bioql PyPI...
CVE-2025-34185
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'dblog' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials...
CVE-2025-34185
Ilevia EVE X1 Server prior to 4.7.18.0.eden is affected by CVE-2025-34185, a pre-authentication file disclosure via the db_log POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials. This is an unauthenticated disclosur...
PT-2025-38075
Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden contain a pre-authentication file disclosure issue via the db log POST parameter. Remote attackers can retrieve arbitrary...
CVE-2025-9517 atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...
PT-2025-35866
Name of the Vulnerable Software and Affected Versions: atec Debug plugin for WordPress versions prior to 1.2.23 Description: The atec Debug plugin for WordPress is susceptible to an arbitrary file read issue. This allows authenticated attackers with Administrator-level access or higher to view th...
PT-2025-35867
Name of the Vulnerable Software and Affected Versions: atec Debug plugin for WordPress versions prior to 1.2.23 Description: The atec Debug plugin for WordPress is susceptible to remote code execution through the custom log parameter due to insufficient sanitization when saving the custom log pat...
Linux Distros Unpatched Vulnerability : CVE-2016-10201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in...
📄 Ilevia EVE X1 Server 4.7.18.0.eden File Disclosure
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated file disclosure vulnerability. Using the dblog POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. Ilevia EVE X1 Server 4.7.18.0.eden dblog...
Astra Linux – Vulnerability in ansible-core
A flaw was discovered in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plain text during the execution of a playbook. This occurs when tasks such as includevars are used to load vaulted variables without setting the nolog: true parameter. As a result,...
CVE-2022-41762
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl...
NUUO Camera 注入漏洞
NUUO Camera is a series of webcams from NUUO. An injection vulnerability exists in NUUO Camera 20250203 and earlier versions, which originates in the printfile function of /handleconfig.php with a command injection in the parameter log...
Vim 安全漏洞
Vim is a cross-platform text editor from the Vim open source. A security vulnerability exists in Vim 9.1.1096 and earlier versions, which stems from a memory corruption triggered by the log parameter...
AZL-53163 CVE-2024-8775 affecting package ansible for versions less than 2.17.11-1
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
PT-2024-39241
Name of the Vulnerable Software and Affected Versions: Ansible affected versions not specified Description: A flaw was found in Ansible where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as...