8322 matches found
CVE-2025-32613 WordPress Debug Log Manager plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.4...
PT-2025-17116 · WordPress · Wp Debug Toggle
Name of the Vulnerable Software and Affected Versions: WP DEBUG Toggle versions n/a through 1.1. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in the WP DEBUG Toggle plugin...
WordPress plugin Debug Log Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2025-17139 · Unknown · Bowo Debug Log Manager
Name of the Vulnerable Software and Affected Versions: Bowo Debug Log Manager versions through 2.3.4. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious...
Allwinner TS17 Android Infotainment System security vulnerability
Allwinner TS17 Android Infotainment System is an in-vehicle entertainment information system from Allwinner China. A security vulnerability exists in the Allwinner TS17 Android Infotainment System, which stems from the ADB port component not properly validating input, which could lead to remote...
RHEL 6 : openstack-packstack (RHSA-2014:0233)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0233 advisory. PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection...
RHEL 7 : openstack-ironic-discoverd (RHSA-2015:1929)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1929 advisory. Ironic provides bare metal provisioning for OpenStack nodes. It was discovered that enabling debug mode in openstack-ironic-discoverd also enables...
kernel security update
4.18.0-553.50.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
CVE-2025-2469
GitLab CE/EE (versions 17.9 up to 17.9.5, 17.10 up to 17.10.3) contains a vulnerability where runtime profiling data of a specific service was accessible to unauthenticated users. The available sources consistently describe the issue as affecting GitLab CE/EE 17.9 before 17.9.6 and 17.10 before 1...
CVE-2025-27391
A flaw was found in Apache ActiveMQ Artemis. This vulnerability allows an attacker with access to debug logs to obtain sensitive configuration information via debug-level logging of broker properties. Mitigation: Mitigation for this issue is either not available or the currently available options ...
Insertion of Sensitive Information into Log File
Overview: org.apache.activemq:artemis-core-client is a High-performance, non-blocking architecture for the next generation of event-driven messaging applications. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when the ConfigurationImpl logger ...
Insertion of Sensitive Information into Log File
Overview: org.apache.activemq:artemis-server is a server package for the ActiveMQ-Artemis project. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when the ConfigurationImpl logger is being set to debug level. An attacker can access sensitive...
CVE-2025-27391 Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: fro...
CVE-2025-27391
CVE-2025-27391 affects Apache ActiveMQ Artemis. When debug logging is enabled for the broker, the system logs all broker property values via the ConfigurationImpl logger, potentially exposing sensitive information. Affected versions are from 1.5.1 up to (but not including) 2.40.0. Impact is expos...
orangefs: fix a oob in orangefs_debug_write
...
This Week in Spring - April 8th, 2025
Hi, Spring fans! How are ya? I'm doing fine. Excited, even. You see, Spring AI M7 is coming soon! In theory, it drops on Thursday. Don't hold us to that — these things can change :-) But soon, and it's turning out to be a whopper of a release! You should try upgrading your application to the new ...
event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in EDA
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
CVE-2025-0278
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths in error messages, debug logs, or responses to user requests...
CVE-2025-32257 WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7...