148 matches found
CVE-2025-24355
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2024-11986
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...
CVE-2025-24504
An improper input validation the CSRF filter results in unsanitized user input written to the application logs...
CVE-2025-24504
CVE-2025-24504 affects Broadcom Symantec Privileged Access Management . The root cause is an improper input validation in the CSRF filter , resulting in unsanitized user input being written to application logs . The provided documents do not specify exploitation details or a remediation/fix versi...
CVE-2025-24504
An improper input validation the CSRF filter results in unsanitized user input written to the application logs...
CVE-2025-24504
An improper input validation the CSRF filter results in unsanitized user input written to the application logs...
CVE-2025-0736 Org.infinispan-infinispan-parent: exposure of sensitive information in application logs
A flaw was found in Infinispan, when using JGroups with JDBCPING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by maliciou...
GHSA-V34R-VJ4R-38J6 Updatecli exposes Maven credentials in console output
Summary Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...
CVE-2025-24355 Updatecli may expose Maven credentials in console output
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2025-24355 Updatecli may expose Maven credentials in console output
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...
CVE-2024-11986
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...
CVE-2024-11986
CVE-2024-11986 involves improper input handling of the Host Header in CrushFTP, allowing an unauthenticated attacker to craft input that is stored in web application logs and can execute when an Administrator views the logs. Connected sources identify CrushFTP as the affected product and note the...
CVE-2024-11193
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...
CVE-2024-52314
CVE-2024-52314 relates to data.all. Multiple connected sources describe a vulnerable scenario where a data.all admin team member with access to a customer‑owned AWS account can potentially extract user data from data.all application logs by scanning CloudWatch logs for operations interacting with...
PT-2024-35174 · Amazon +1 · Cloudwatch +2
Name of the Vulnerable Software and Affected Versions: data.all affected versions not specified Description: A data.all admin team member with access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs via CloudWatch log...
CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
CVE-2024-9621
CVE-2024-9621 concerns Quarkus CXF/quarkus-cxf where passwords and other secrets can appear in application logs despite redaction. The issue requires specific configuration (e.g., SOAP logging enabled, client/app/endpoint logging properties) and attacker must access logs. CVSSv3.1 base score 5.3 ...
PT-2024-5831 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2024-07 Description: The issue allows an unauthenticated attacker to inject a JavaScript payload into the API logs. This payload is executed when the API logs page is viewed, potentially allowing an...
CVE-2024-0006 DB User Password Leak in Application Log
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...