CVE-2025-27391
CVE-2025-27391 affects Apache ActiveMQ Artemis. When debug logging is enabled for the broker, the system logs all broker property values via the ConfigurationImpl logger, potentially exposing sensitive information. Affected versions are from 1.5.1 up to (but not including) 2.40.0. Impact is expos...
GPT Academic Cross-Site Scripting Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site scripting vulnerability that stems from the Latex Proof-Reading Module's lack of effective filtering and escaping of user-supplied data, which ca...
CVE-2025-0183 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debug_log.html file generated by the module. When an admin visits this debug report, the...
GPT Academic Cross-Site Scripting Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site scripting vulnerability that stems from the Latex Proof-Reading Module's lack of effective filtering and escaping of user-supplied data, which ca...
IBM Cognos Analytics Mobile Security Vulnerability
IBM Cognos Analytics Mobile is an application from International Business Machines (IBM) that integrates reporting, modeling, analytics, dashboards, cases, and event management. A security vulnerability exists in IBM Cognos Analytics Mobile version 1.1, which originates from debug code log message...
Autodesk: Exposing debug.log file leads to server full path disclosure
Vulnerability description not provided...
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master and develop branches of the...
CVE-2024-32582
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.1...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
PT-2025-2236 · WordPress · Ecpay Ecommerce For Woocommerce
Name of the Vulnerable Software and Affected Versions: ECPay Ecommerce for WooCommerce plugin for WordPress versions up to, and including, 1.1.2411060 Description: The issue is related to a missing capability check on the 'clear ecpay debug log' AJAX action. This allows authenticated attackers wi...
CVE-2024-12008
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12008
CVE-2024-12008 (W3 Total Cache for WordPress) is described in connected Red Hat documentation as a vulnerability to Information Exposure in all versions up to and including 2.8.1, exposed via the publicly accessible debug log file. The issue allows unauthenticated attackers to view potentially se...
PT-2025-1728 · WordPress · W3 Total Cache
Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin for WordPress versions 2.8.1 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information in the exposed log file, which may contain nonce values that can be used in furth...
CVE-2024-52067
CVE-2024-52067 affects Apache NiFi 1.16.0–1.28.0 and 2.0.0-M1–2.0.0-M4. The issue is optional debug logging of Parameter Context values during flow synchronization, which an authorized admin could enable to write parameter names and values to logs. Deployments with the default Logback config do n...
(Blind) Stored XSS through the debug_log.html generated by the Latex Proof-Reading Module
This report is not public...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
PT-2024-11911 · Freemius · Freemius Sdk
Name of the Vulnerable Software and Affected Versions: Freemius SDK versions up to, and including 2.4.2 Freemius SDK versions prior to 2.4.3 Description: The issue concerns Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the...