
331 matches found

CVE
added 2 days ago | 11 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

5.3 CVSS | 5.8 AI score | 0.00223 EPSS
Exploits 0 | References 2
Nuclei
added 3 days ago | 69 views

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5 CVSS | 7.1 AI score | 0.63407 EPSS
Exploits 3 | References 5
NVD
added 6 days ago | 10 views

CVE-2026-13750

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5 CVSS | 0.00108 EPSS
Exploits 0 | References 1
EUVD
added 6 days ago | 5 views

EUVD-2026-40137

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits 0 | References 1
Positive Technologies
added 6 days ago | 7 views

PT-2026-53313

Name of the Vulnerable Software and Affected Versions: Snowflake CLI versions prior to 3.19. Description: Sensitive information is inserted into log files in plaintext. This occurs when credentials, such as passwords, tokens, or private key material, are written to persistent local debug logs. An...

5.5 CVSS | 6 AI score | 0.00108 EPSS
Exploits 0 | References 6
IBM Security Bulletins
added 2026/06/24 9:56 p.m. | 15 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2026-35554)

Summary: A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2026-33558. DESCRIPTION: Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and response...

8.7 CVSS | 5.8 AI score | 0.00535 EPSS
Exploits 0 | Affected Software 1
AstraLinux
added 2026/06/24 3:11 p.m. | 3 views

Astra Linux – Vulnerability in NetworkManager

A flaw was discovered in NetworkManager. On a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. This would cause NetworkManager to crash, resulting in a denial of service...

3.1 CVSS | 5.8 AI score | 0.00447 EPSS
Exploits 0 | References 3
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in python-oslo.utils

A flaw was discovered in python-oslo-utils. Due to improper parsing, passwords that contain double quotes " cause incorrect masking in debug logs, resulting in any part of the password after the double quote being displayed as plain text...

4.9 CVSS | 6.1 AI score | 0.01335 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/06/07 8:59 a.m. | 15 views

CVE-2026-8438

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2 CVSS | 5.8 AI score | 0.00338 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/06/06 1:26 a.m. | 9 views

CVE-2026-8438 All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2 CVSS | 5.8 AI score | 0.00338 EPSS
Exploits 0 | References 10
Positive Technologies
added 2026/06/06 12:0 a.m. | 16 views

PT-2026-47122

Name of the Vulnerable Software and Affected Versions: All-In-One Security AIOS – Security and Firewall plugin for WordPress versions prior to 5.4.8. Description: Stored Cross-Site Scripting occurs due to insufficient input sanitization in the get rest route function and missing output escaping in t...

7.2 CVSS | 5.7 AI score | 0.00338 EPSS
Exploits 0 | References 15
RedhatCVE
added 2026/06/02 4:1 p.m. | 12 views

CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 1
CVE
added 2026/05/28 6:35 p.m. | 43 views

CVE-2026-45040

RustFS (Rust-based distributed object storage) prior to version 1.0.0-beta.2 leaks sensitive credentials in logs when RUST_LOG=debug, including SessionToken (JWT), SecretAccessKey, and full JWT claims. The issue’s impact is information disclosure in server logs. Mitigation is upgrading to 1.0.0-b...

5.3 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 1
Cvelist
added 2026/05/28 6:35 p.m. | 35 views

CVE-2026-45040 RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode]

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS | 0.00152 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/28 12:0 a.m. | 11 views

RustFS log information leakage vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a vulnerability related to log information leakage. This vulnerability occurred due to the exposure of sensitive credentials in debug log outputs, including SessionToken,...

5.3 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/05/28 12:0 a.m. | 12 views

PT-2026-44468

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 2
NVD
added 2026/04/21 10:16 p.m. | 8 views

CVE-2026-40945

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7 CVSS | 0.00308 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2026/04/21 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33558

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the...

5.3 CVSS | 5.7 AI score | 0.00535 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/20 3:31 p.m. | 5 views

EUVD-2026-23849

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3 CVSS | 5.7 AI score | 0.00535 EPSS
Exploits 0 | References 4
OSV
added 2026/04/20 3:31 p.m. | 4 views

GHSA-WF66-MPHR-4C4R Apache Kafka exposes sensitive information in its DEBUG logs

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3 CVSS | 5.7 AI score | 0.00535 EPSS
Exploits 0 | References 5