Lucene search
+L

148 matches found

redhatcve
redhatcve
added 2025/02/06 2:31 a.m.9 views

CVE-2025-24355

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

7.1CVSS6.7AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 1:40 a.m.5 views

CVE-2024-11986

Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...

9.6CVSS6.2AI score0.00554EPSS
Exploits0References1
nvd
nvd
added 2025/01/30 7:15 p.m.11 views

CVE-2025-24504

An improper input validation the CSRF filter results in unsanitized user input written to the application logs...

5.3CVSS0.00228EPSS
Exploits0References1
cve
cve
added 2025/01/30 6:31 p.m.49 views

CVE-2025-24504

CVE-2025-24504 affects Broadcom Symantec Privileged Access Management . The root cause is an improper input validation in the CSRF filter , resulting in unsanitized user input being written to application logs . The provided documents do not specify exploitation details or a remediation/fix versi...

5.3CVSS6.6AI score0.00228EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/30 6:31 p.m.17 views

CVE-2025-24504

An improper input validation the CSRF filter results in unsanitized user input written to the application logs...

5.3CVSS0.00228EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/01/30 6:31 p.m.5 views

CVE-2025-24504

An improper input validation the CSRF filter results in unsanitized user input written to the application logs...

5.3CVSS6.6AI score0.00228EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/28 9:12 a.m.35 views

CVE-2025-0736 Org.infinispan-infinispan-parent: exposure of sensitive information in application logs

A flaw was found in Infinispan, when using JGroups with JDBCPING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by maliciou...

5.5CVSS0.00211EPSS
Exploits0References3
osv
osv
added 2025/01/24 6:45 p.m.9 views

GHSA-V34R-VJ4R-38J6 Updatecli exposes Maven credentials in console output

Summary Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...

7.1CVSS7AI score0.00224EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/01/24 4:48 p.m.9 views

CVE-2025-24355 Updatecli may expose Maven credentials in console output

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

7.1CVSS7.2AI score0.00224EPSS
Exploits0References2
osv
osv
added 2025/01/24 4:48 p.m.10 views

CVE-2025-24355 Updatecli may expose Maven credentials in console output

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

7.1CVSS7AI score0.00224EPSS
Exploits0References4
osv
osv
added 2025/01/06 3:15 p.m.4 views

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...

7.5CVSS7.5AI score0.00535EPSS
Exploits0References1
nvd
nvd
added 2024/12/13 2:15 p.m.16 views

CVE-2024-11986

Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...

9.6CVSS0.00554EPSS
Exploits0References1
cve
cve
added 2024/12/13 1:46 p.m.48 views

CVE-2024-11986

CVE-2024-11986 involves improper input handling of the Host Header in CrushFTP, allowing an unauthenticated attacker to craft input that is stored in web application logs and can execute when an Administrator views the logs. Connected sources identify CrushFTP as the affected product and note the...

9.6CVSS9AI score0.00554EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/11/13 9:4 p.m.8 views

CVE-2024-11193

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...

4.9CVSS6.5AI score0.00326EPSS
Exploits0References1
cve
cve
added 2024/11/09 12:43 a.m.59 views

CVE-2024-52314

CVE-2024-52314 relates to data.all. Multiple connected sources describe a vulnerable scenario where a data.all admin team member with access to a customer‑owned AWS account can potentially extract user data from data.all application logs by scanning CloudWatch logs for operations interacting with...

6.9CVSS5AI score0.00393EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2024/11/08 12:0 a.m.7 views

PT-2024-35174 · Amazon +1 · Cloudwatch +2

Name of the Vulnerable Software and Affected Versions: data.all affected versions not specified Description: A data.all admin team member with access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs via CloudWatch log...

6.9CVSS6.8AI score0.00393EPSS
Exploits0References8
osv
osv
added 2024/10/08 4:26 p.m.2 views

CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

5.3CVSS6.1AI score0.00518EPSS
Exploits0References7
cve
cve
added 2024/10/08 4:26 p.m.85 views

CVE-2024-9621

CVE-2024-9621 concerns Quarkus CXF/quarkus-cxf where passwords and other secrets can appear in application logs despite redaction. The issue requires specific configuration (e.g., SOAP logging enabled, client/app/endpoint logging properties) and attacker must access logs. CVSSv3.1 base score 5.3 ...

5.3CVSS6.8AI score0.00518EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/08/05 12:0 a.m.9 views

PT-2024-5831 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2024-07 Description: The issue allows an unauthenticated attacker to inject a JavaScript payload into the API logs. This payload is executed when the API logs page is viewed, potentially allowing an...

9CVSS6.8AI score0.00352EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2024/07/19 2:26 p.m.12 views

CVE-2024-0006 DB User Password Leak in Application Log

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...

5.4CVSS6.5AI score0.00266EPSS
Exploits0References3
Rows per page
Query Builder