Lucene search
K

158 matches found

CVE
CVE
added 2025/06/06 11:13 a.m.56 views

CVE-2025-5760

CVE-2025-5760 (WordPress Simple History plugin) exposes passwords via logs when Detective Mode is on. In affected versions prior to 5.8.1, append_debug_info_to_context() sanitization is insufficient, causing the plugin to log entire $_POST (and sometimes raw request bodies or $_GET) including pas...

4.9CVSS6.9AI score0.00378EPSS
Exploits0References7
OSV
OSV
added 2025/06/06 11:13 a.m.3 views

CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode

The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the appenddebuginfotocontext function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $POST and...

4.9CVSS6AI score0.00378EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/06/06 11:13 a.m.5 views

CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode

The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the appenddebuginfotocontext function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $POST and...

4.9CVSS6.9AI score0.00378EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/06/06 11:13 a.m.14 views

CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode

The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the appenddebuginfotocontext function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $POST and...

4.9CVSS0.00378EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/05/23 3:31 p.m.19 views

CVE-2025-32967 OpenEMR doesn't log password administration properly

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...

5.4CVSS0.00238EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/23 3:31 p.m.9 views

CVE-2025-32967 OpenEMR doesn't log password administration properly

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...

5.4CVSS5.6AI score0.00238EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:16 a.m.8 views

CVE-2024-53865

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

8.2CVSS6.6AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.9 views

CVE-2023-22481

FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...

5.5CVSS7AI score0.00474EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.8 views

CVE-2023-34223

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases...

5.3CVSS6.8AI score0.01326EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.6 views

CVE-2023-28441

smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly...

8CVSS6.8AI score0.00356EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:5 a.m.11 views

CVE-2022-28167

Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log...

6.5CVSS7.1AI score0.00619EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:52 p.m.6 views

CVE-2022-43936

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

6.8CVSS6.9AI score0.00766EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:26 p.m.10 views

CVE-2021-25688

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs...

5.5CVSS7.1AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 p.m.10 views

CVE-2020-17511

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field...

6.5CVSS6.8AI score0.02537EPSS
Exploits0
OSV
OSV
added 2025/04/10 2:40 p.m.4 views

CVE-2025-32382 Snowflake credentials logged by the Metabase backend

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

1.8CVSS6.9AI score0.00337EPSS
Exploits0References3
OSV
OSV
added 2025/03/06 6:30 a.m.21 views

GHSA-W4RH-FGX7-Q63M ray vulnerable to Insertion of Sensitive Information into Log File

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...

6.4CVSS7.2AI score0.00183EPSS
Exploits0References7
NVD
NVD
added 2025/03/06 5:15 a.m.29 views

CVE-2025-1979

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...

6.4CVSS0.00183EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2010-2387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vicious-extensions/ve-misc.c in GNOME Display Manager gdm 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8...

1.9CVSS6.5AI score0.00524EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/14 12:40 p.m.7 views

CVE-2023-50740

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

5.3CVSS6.6AI score0.00901EPSS
Exploits0
CVE
CVE
added 2025/01/14 7:11 p.m.104 views

CVE-2024-55891

Summary: CVE-2024-55891 affects TYPO3 where the install tool password may be logged in plaintext if the password hashing mechanism is incorrect. Impact: information disclosure of the install password. Affected versions: TYPO3 prior to 13.4.3 ELTS. Mitigation: update to TYPO3 version 13.4.3 ELTS (...

5.3CVSS4.1AI score0.00308EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder