38 matches found

CNNVD
added 2026/04/24 12:0 a.m. | 7 views

Rocket.Chat Access Control Error Vulnerability

Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10. These vulnerabilities stem from spelling errors in the permission checks for the /api/apps/lo...

CVSS 4.3 | AI score 5.8 | EPSS 0.00182
Exploits 0 | References 1

EUVD
added 2025/12/29 9:30 p.m. | 4 views

EUVD-2025-205634

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

CVSS 5.3 | AI score 5.4 | EPSS 0.0038
Exploits 0 | References 5

NVD
added 2025/12/29 7:15 p.m. | 7 views

CVE-2025-14280

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

CVSS 5.3 | EPSS 0.0038
Exploits 0 | References 4

Vulnrichment
added 2025/12/29 6:20 p.m. | 2 views

CVE-2025-14280 PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

CVSS 5.3 | AI score 5.5 | EPSS 0.0038
Exploits 0 | References 4

CVE
added 2025/12/29 6:20 p.m. | 18 views

CVE-2025-14280

The CVE concerns the WordPress PixelYourSite plugin. All versions up to 11.1.5 expose sensitive information via publicly accessible log files when the Meta API logs setting is enabled (default disabled). Unauthenticated attackers could read potentially sensitive data from those logs. A partial pa...

CVSS 5.3 | AI score 5.5 | EPSS 0.0038
Exploits 0 | References 4

Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53777

Name of the Vulnerable Software and Affected Versions: PixelYourSite versions up to and including 11.1.5. Description: The PixelYourSite plugin for WordPress is susceptible to sensitive information disclosure through publicly exposed log files. An unauthenticated attacker may be able to view...

CVSS 5.3 | AI score 5.4 | EPSS 0.0038
Exploits 0 | References 8

RedhatCVE
added 2025/12/10 6:13 p.m. | 5 views

CVE-2024-47570

An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...

CVSS 6.6 | AI score 6.6 | EPSS 0.00348
Exploits 0 | References 1

EUVD
added 2025/12/09 6:30 p.m. | 7 views

EUVD-2024-55312

An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...

CVSS 6.6 | AI score 6 | EPSS 0.00348
Exploits 0 | References 2

NVD
added 2025/12/09 6:15 p.m. | 4 views

CVE-2024-47570

An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...

CVSS 6.6 | EPSS 0.00348
Exploits 0 | References 1

Cvelist
added 2025/12/09 5:20 p.m. | 20 views

CVE-2024-47570

An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...

CVSS 6.6 | EPSS 0.00348
Exploits 0 | References 1

Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-50108

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0 through 7.4.3; FortiProxy versions 7.2.0 through 7.4.3; FortiPAM versions 1.0 through 1.4; FortiSRA version 1.4. Description: A flaw exists where sensitive information can be written to log files. Specifically, a read-only...

CVSS 6.6 | AI score 6.2 | EPSS 0.00348
Exploits 0 | References 3

Tenable Nessus
added 2025/12/09 12:0 a.m. | 6 views

Fortinet Fortigate Insertion of sensitive information into REST API logs (FG-IR-24-268)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-268 advisory. - An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0... CVE-2024-47570 Note that Ness...

CVSS 6.6 | AI score 5.5 | EPSS 0.00348
Exploits 0 | References 3

CVE
added 2025/12/04 8:4 p.m. | 8 views

CVE-2025-12996

Medtronic CareLink Network is affected. A local attacker with access to log files on an internal API server can view plaintext passwords from errors logged under certain circumstances, causing information disclosure. This affects versions prior to December 4, 2025. Remediation per PT-2025-49126 i...

CVSS 4.1 | AI score 6.2 | EPSS 0.00092
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-39293

Malicious code in bioql PyPI...

CVSS 7.6 | AI score 6.6 | EPSS 0.00332
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-45238

Malicious code in bioql PyPI...

CVSS 4.4 | AI score 5 | EPSS 0.00179
Exploits 0 | References 2

CNNVD
added 2025/09/08 12:0 a.m. | 4 views

ELADMIN Authorization Issue Vulnerability

ELADMIN is a backend management system for elunez individual developers. An authorization issue vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from an improper authorization issue in the /api/logs/error/1 file...

CVSS 5.3 | AI score 4.8 | EPSS 0.00263
Exploits 0 | References 5

RedhatCVE
added 2025/05/23 7:16 a.m. | 6 views

CVE-2024-53865

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

CVSS 8.2 | AI score 6.6 | EPSS 0.00133
Exploits 0 | References 1

Github Security Blog
added 2025/03/13 6:32 p.m. | 24 views

Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes Windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running...

CVSS 5.9 | AI score 6.2 | EPSS 0.01394
Exploits 0 | References 9 | Affected Software 1

RedhatCVE
added 2025/02/05 7:42 a.m. | 10 views

CVE-2024-41959

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

CVSS 7.6 | AI score 7.4 | EPSS 0.00332
Exploits 0 | References 1

OSV
added 2024/12/02 6:35 p.m. | 12 views

GHSA-P57H-3CMC-XPJQ Python package "zhmcclient" stores passwords in clear text in its HMC and API logs

Impact The Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs The 'ssc-master-pw' a...

CVSS 8.2 | AI score 8.2 | EPSS 0.00133
Exploits 0 | References 4