PT-2026-20641

Name of the Vulnerable Software and Affected Versions xmlrpc attacks blocker plugin for WordPress versions prior to 1.1 Description The xmlrpc attacks blocker plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to the plugin trusting and logging attacker-controlled...

CVE-2025-46775

A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log...

EUVD-2020-0075

Malware in sbrugna...

Tucows (VDP): Information Disclosure via Accessible debug.log on ExactHosting

Vulnerability description not provided...

Linux Distros Unpatched Vulnerability : CVE-2023-49921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents...

Autodesk: Exposing debug.log file leads to server full path disclosure

Vulnerability description not provided...

Nextcloud: Exposing debug.log file leads to server full path disclosure

The debug.log file on the nextcloud.com website was publicly accessible and contained sensitive information, including the server's full directory path. This type of information disclosure could have assisted attackers in understanding the internal structure of the server...

PT-2024-19637 · WordPress · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – Sell Digital Files & Subscriptions plugin for WordPress versions up to, and including, 3.2.9 Description: The issue allows unauthenticated attackers to download the debug log via Directory Listing, potentially exposin...

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ewww Image_Optimizer

CVE-2023-40600 EWWW Image Optimizer = 7.2.0 - Unauthentica...

GHSA-55VQ-XPJF-R2XC Lightbend Alpakka Kafka logs credentials on debug level

Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...

UBUNTU-CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

Medium: docker

Issue Overview: Docker Engine before 18.09 allows attackers to cause a denial of service dockerd memory consumption via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. CVE-2018-20699 A command injectio...

All Vulnerabilities for moovee.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| moovee.me ---|--- Open Bug Bounty...

All Vulnerabilities for dlsu.edu.ph Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| dlsu.edu.ph ---|--- Open Bug Bounty...