Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the support packet generation process. An attacker can access sensitive credentials in plaintext by downloading a support packet from the System Console. This is only exploitable if t...

Insertion of Sensitive Information into Log File

Overview github.com/mattermost/mattermost-plugin-calls/server is a package that enables voice calling and screen sharing functionality in Mattermost channels Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the plugin configuration process. ...

PT-2026-41789

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.7.0 through 0.8.x Description The log enricher mishandles writev buffers by reading only the first iovec entry while using the total iov iter.count as the copy length. When log injection is enabled...

PT-2026-41779

Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.12.0 Description Two FastAPI routes used for serving per-component static assets accept a sub-path parameter that can resolve to a directory instead of a file. When a request resolves to a directory, it triggers an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xnio (UTSA-2026-021490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021490 advisory. A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows...

CVE-2018-25324 Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...

Exploit for Improper Access Control in Adobe Coldfusion

CVE-2023-26360 — Adobe ColdFusion Unauthenticated RCE Python...

CVE-2021-47980

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

EUVD-2021-34833

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

CVE-2021-47980

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

Exposure Of Sensitive Information

io.github.davidalmeidac, sealed-env-core is vulnerable to Exposure of Sensitive Information. The vulnerability is due to embedding the operator’s plaintext TOTP secret in the base64-encoded JWS payload of minted unseal tokens, which allows an attacker to decode observed tokens from logs,...

PT-2026-41466

Name of the Vulnerable Software and Affected Versions Fuel CMS version 1.4.13 Description Authenticated attackers can manipulate database queries by injecting SQL code through the col parameter in the Activity Log interface. By sending requests to the 'logs' endpoint with malicious SQL payloads i...

FUEL CMS SQL注入漏洞

Fuel CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.4.13 of Fuel CMS has a SQL injection vulnerability. This vulnerability stems from a blind SQL injection flaw, allowing authenticated attackers to manipulate database queries throug...

CVE-2026-44544

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of escape sequences in log output from commands run with the --log and --log-failed options. An attacker can inject malicious content in workflow logs, which are then rendered unsanitized in some terminal...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of escape sequences in log output from commands run with the --log and --log-failed options. An attacker can inject malicious content in workflow logs, which are then rendered unsanitized in some terminal...

CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

UBUNTU-CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...