8605 matches found
EUVD-2019-19922
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25590
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25605 EquityPandit 1.0 Insecure Logging Information Disclosure
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that exposes plaintext user credentials through Android Debug Bridge. Attackers could access developer console logs via adb logcat and extract passwords logged during the forgot password flow, compromising user account credentials. The i...
CVE-2019-25590 Axessh 4.2 Denial of Service via Log File Name
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25590
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25590 Axessh 4.2 Denial of Service via Log File Name
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25590
CVE-2019-25590 : Axessh 4.2 suffers a denial-of-service flaw in the logging configuration. A local attacker can crash the application by supplying an excessively long string in the log file name field when session logging is enabled; the crash is triggered during a Telnet session establishment af...
AWS VDP: Encryption context keys and values logged at INFO level
Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...
EquityPandit 安全漏洞
EquityPandit is a service platform provided by EquityPandit Inc. that offers stock market analysis, investment advice, and market predictions. Version 1.0 of EquityPandit has a security vulnerability. This vulnerability stems from insecure logging practices, which could allow attackers to access...
PT-2026-26993
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
PT-2026-26978
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
EUVD-2025-208914
The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the wwaauth AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes logged by the plugin. This makes it...
CVE-2025-13910 WP-WebAuthn <= 1.3.4 - Unauthenticated Stored Cross-Site Scripting
The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the wwaauth AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes logged by the plugin. This makes it...
CVE-2025-13910
The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the wwaauth AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes logged by the plugin. This makes it...
CVE-2025-13910 WP-WebAuthn <= 1.3.4 - Unauthenticated Stored Cross-Site Scripting
The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the wwaauth AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes logged by the plugin. This makes it...
PT-2026-26797
The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the wwa auth AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes logged by the plugin. This makes it...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl
🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...