420 matches found
PT-2026-3011
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
CVE-2021-22184
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted...
RED-V Super Digital Signage System 安全漏洞
RED-V Super Digital Signage System is a digital signage system from RED-V, Italy. A security vulnerability exists in RED-V Super Digital Signage System version 5.1.1, which stems from the presence of an information disclosure vulnerability that could lead to unauthenticated access to sensitive we...
CVE-2023-53895
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
EUVD-2023-60195
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
PT-2025-51743
Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...
CVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...
CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
PT-2025-48155
Name of the Vulnerable Software and Affected Versions OpenCode Systems USSD Gateway OC Release:5 version 6.13.11 Description A flaw exists in access control within the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5. This allows attackers with limited privileges to acces...
CVE-2025-65239
CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
OpenCode USSD Gateway 安全漏洞
OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway, which stems from improper access control of the /aux1/ocussd/trace endpoint, which could allow a low-privileged attacker to read...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
Linux Distros Unpatched Vulnerability : CVE-2025-32916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form...
CVE-2025-32916 Sensitive form data in URL query parameters
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs...
EUVD-2019-3165
Malware in sbrugna...
EUVD-2013-4023
Malware in sbrugna...