CVE-2024-1681

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVE-2024-32582

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1...

CVE-2024-32582 WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1...

CVE-2024-32582 WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1...

CVE-2024-32582

CVE-2024-32582 is a Stored XSS vulnerability in the WordPress plugin Debug Log Manager (vulnerable from n/a up to 2.3.1). The issue arises from improper input neutralization during web page generation, enabling malicious scripts to be stored and executed in a user’s browser. The CVSS score in pro...

WordPress Plugin Debug Log Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Debug Log Manager plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Debug Log Manager versions = 2.3.1...

WordPress Debug Log Manager Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Debug Log Manager Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-32582 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f92fe55cb9f Credits Majed Refaea Required...

DEBIAN-CVE-2021-47204

In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2ethremove Access to netdev after freenetdev will cause use-after-free bug. Move debug log before freenetdev call to avoid it...

CVE-2024-2302

The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via...

PT-2024-19637 · WordPress · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – Sell Digital Files & Subscriptions plugin for WordPress versions up to, and including, 3.2.9 Description: The issue allows unauthenticated attackers to download the debug log via Directory Listing, potentially exposin...

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) < 3.2.10 - Sensitive Information Exposure

Description The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the...

CVE-2024-29945 Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at...

CVE-2023-44989 WordPress CF7 Google Sheets Connector plugin <= 5.0.5 - Sensitive Data Exposure via Debug Log vulnerability

Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5...

GO-2024-2482 Information leak in github.com/goreleaser/goreleaser

Secret values can be printed to the --debug log when using a a custom publisher...

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

Design/Logic Flaw

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

CVE-2024-1141 Glance-store: glance store access key logged in debug log level

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

CVE-2024-1141 Glance-store: glance store access key logged in debug log level

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...