321 matches found
CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability
drawnix is an all-in-one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...
CVE-2025-58172
The CVE-2025-58172 issue affects drawnix versions through 0.2.1, where the debug logging logger inserts untrusted content directly into the DOM via innerHTML without sanitization (in apps/web/src/app/app.tsx). The root cause is unsanitized user-controlled data being written to the DOM through the...
ROS-20250905-01
A vulnerability in python-glance-store, the Python library responsible for interacting with various image storage backends, is related to the fact that the package registers an accesskey for Glance-store when the DEBUG log level is enabled. Exploitation of the vulnerability could...
CVE-2025-20345
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...
CVE-2025-20345 Cisco Duo Authentication Proxy Information Disclosure Vulnerability
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...
CVE-2025-20345
Cisco Duo Authentication Proxy is affected by a vulnerability in its debug logging function. The root cause is insufficient masking of sensitive information before it is written to system logs, allowing an authenticated, high-privileged attacker to view restricted data by accessing logs. The CVSS...
Cisco Duo Authentication Proxy Information Disclosure Vulnerability
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...
PT-2025-34117 · Cisco · Cisco Duo Authentication Proxy
Name of the Vulnerable Software and Affected Versions: Cisco Duo Authentication Proxy (affected versions not specified). Description: A vulnerability in the debug logging function could allow an authenticated, high-privileged, remote attacker to access sensitive information in a system log file. Thi...
Fedora: Security Advisory (FEDORA-2025-deb3a02c42)
The remote host is missing an update for the...
CVE-2025-38294
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler. Currently, when ath12k_mac_assign_vif_to_vdev() fails, the radio handle (ar) gets accessed from the link VIF handle (arvif) for debug logging. This is incorrect. In the fail...
CVE-2025-38294
The CVE-2025-38294 entry concerns the Linux kernel wifi driver ath12k. The vulnerability arises when ath12k_mac_assign_vif_to_vdev() fails, causing a NULL radio handle (ar) to be dereferenced during debug logging via arvif, which is invalid in fail scenarios where the radio handle is NULL. The fi...
CVE-2025-20325
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster splunk.secret key. This exposure could happen if you have a Search Head cluster and...
Security update for helm
This update for helm fixes the following issues: Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username password for login 5b9e2f6 Terry Howe Update pkg/registry/transport.go 2782412 Terry Howe Update pkg/registry/transport.go...
SUSE-SU-2025:02121-1 Security update for helm
This update for helm fixes the following issues: Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username password for login 5b9e2f6 Terry Howe Update pkg/registry/transport.go 2782412 Terry Howe Update pkg/registry/transport.go...
CVE-2025-24034
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
CVE-2024-52067
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...