1179 matches found
Facade Ignition < 1.16.14 / 2.x < 2.4.2 / 2.5.x < 2.5.2 RCE
The version of Facade Ignition installed on the remote host is prior to 1.16.14, or 2.x prior to 2.4.2, or 2.5.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacke...
WP 404 Auto Redirect to Similar Post < 1.0.5 - Reflected Cross-Site Scripting via Debug Mode URI
Description: The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URI in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Django Debug Mode Enabled
Django is a free and open-source Python web application framework that offers a debug mode which allows developers to get additional information to help troubleshoot their applications, including stack traces on error pages, exposing variables defined in your Django settings. A remote...
Information Disclosure
Umbraco is vulnerable to Sensitive Information Disclosure. The vulnerability is due to failing webhooks logs being accessible when the solution is not in debug mode, which can contain critical information...
GHSA-74P6-39F2-23V3 Blind SSRF Leads to Port Scan by using Webhooks
Impact: Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. Affected Versions: Umbraco versions 13.0.0 - 13.1.1. Patches: 13.1.1. Workarounds: Disabling webhooks functionality...
CVE-2024-29035
Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1...
Information Exposure
Overview: UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Information Exposure due to the logging of failing webhooks when the solution is not in debug mode. An attacker can obtain critical information that should not be accessible externally by exploiting th...
CVE-2024-29035 Umbraco's Blind SSRF Leads to Port Scan by using Webhooks
Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1...
CVE-2024-29035
CVE-2024-29035 affects Umbraco CMS (ASP.NET). The issue is information disclosure through failing webhook logs that expose sensitive data when the solution is not in debug mode. The vulnerability is mitigated by upgrading to Umbraco 13.1.1 (or applying the fix described in the associated advisori...
Umbraco Security Vulnerability
Umbraco is an open source content management system (CMS) written in C# by the Danish company Umbraco. A security vulnerability exists in Umbraco version 13.0.0 and earlier, which originates from a vulnerability that allows an attacker to view webhook logs while in debug mode, which could lead to...
PT-2024-22688
Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.0.0 through 13.1.0. Description: The issue concerns the availability of failing webhooks logs when the solution is not in debug mode, potentially containing critical information. Recommendations: For Umbraco versions 13.0.0...
Church Admin < 4.0.28 - Cross-Site Request Forgery
Description: The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.27. This is due to missing or incorrect nonce validation on the cadebugmode function. This makes it possible for unauthenticated attackers to enable debug mode via a...
CVE-2024-29945
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at...
CVE-2024-29945
CVE-2024-29945 affects Splunk Enterprise: authentication tokens can be exposed during token validation when running in debug mode or JsonWebToken logging at DEBUG. Affected versions are Splunk Enterprise < 9.2.1, < 9.1.4, and
PT-2024-2450 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.1; Splunk Enterprise versions prior to 9.1.4; Splunk Enterprise versions prior to 9.0.9. Description: The issue is related to the exposure of authentication tokens in Splunk Enterprise. This exposure can...
CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...
CVE-2023-5457
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...
CVE-2024-1775
The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...