15 matches found
CVE-2025-57813
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...
CVE-2025-57813
CVE-2025-57813 affects the traQ messenger (github.com/traPtitech/traQ). Before version 3.25.0, error handling during SQL queries can write sensitive data (e.g., OAuth tokens) to log files. An attacker with log access could trigger SQL errors to illicitly read recorded secrets. The issue is fixed ...
PT-2024-38899 · Fortra · Robot Schedule Enterprise Agent
Name of the Vulnerable Software and Affected Versions: Fortra's Robot Schedule Enterprise Agent versions prior to 3.05 Description: The issue concerns the writing of FTP username and password information to the agent log file when detailed logging is enabled. This affects the security of the syst...
PT-2024-7410 · Siemens · Scalance Mum856-1 +13
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RM1224 LTE4G EU versions V8.1 RUGGEDCOM RM1224 LTE4G NAM versions V8.1 SCALANCE M804PB versions V8.1 SCALANCE M812-1 ADSL-Router family versions V8.1 SCALANCE M816-1 ADSL-Router family versions V8.1 SCALANCE M826-2 SHDSL-Router...
PT-2024-19189 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue was discovered in the system logs download mechanism, allowing directory traversal to occur. This could potentially expose system logs. If local network acces...
PT-2024-19195 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue was discovered where cleartext passwords and hashes are exposed through log files. Recommendations: For Elspec G5 digital fault recorder versions 1.1.4.15 and...
PT-2024-40186 · Python · Python
Name of the Vulnerable Software and Affected Versions: Python versions prior to 0.4. Description: The issue affects users who do not want tracebacks included in their logs when errors occur in their code. If a user's code inadvertently includes sensitive information in a traceback and a malicious...
PT-2024-15238 · WordPress · Backup/Restore Wordpress – Backup Plugin
Name of the Vulnerable Software and Affected Versions: Backup and Restore WordPress plugin versions 1.45 and earlier Description: The issue allows unauthenticated users to access sensitive information, such as site configuration, by not protecting some log files. This poses a severe threat to...
PT-2024-1918 · IBM · IBM QRadar Suite +1
Name of the Vulnerable Software and Affected Versions: IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 Description: The issue is related to insufficient protection of registration data in the IBM QRadar Suite and IBM Cloud Pak f...
PT-2024-1641 · Splunk · Splunk Add-On Builder
Name of the Vulnerable Software and Affected Versions: Splunk Add-on Builder versions prior to 4.1.4 Description: The issue is related to the application writing user session tokens to its internal log files when visiting the Splunk Add-on Builder or when building or editing a custom app or add-o...
PT-2023-29935 · SpiceDB · SpiceDB
Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.27.0-rc1 Description: SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. When the provided datastore URI is malformed, such as having a...
PT-2023-8572 · N-able · N-able Passportal Extension
Name of the Vulnerable Software and Affected Versions: N-able PassPortal extension versions prior to 3.29.2 for Chrome Description: The issue is related to insufficient protection of registration data, which may allow an attacker to gain unauthorized access to protected information. The N-able...
PT-2022-21180 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.1 Description: A vulnerability has been identified that could expose sensitive user information. This occurs when a customized HTTP POST request forces the application to write the status of a...
PT-2012-5456 · Intel +2 · Ibacm +2
Name of the Vulnerable Software and Affected Versions: ibacm version 1.0.7 Description: The issue allows local users to overwrite the ib_acm daemon log or ibacm.port file due to world-writable permissions set by ibacm 1.0.7. Recommendations: For ibacm version 1.0.7, consider changing the file...
PT-2010-1348 · Acme.Com +2 · Mini Httpd +2
Name of the Vulnerable Software and Affected Versions: mini_httpd version 1.19 Description: The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as mini_httpd writes data t...