Lucene search
K

276 matches found

EUVD
EUVD
added 2026/02/07 12:30 a.m.8 views

EUVD-2026-5560

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS5.5AI score0.00253EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 10:56 p.m.4 views

CVE-2026-1622

A flaw was found in Neo4j. The obfuscateliterals option in the query logs fails to extend redaction to error messages. When a query triggers an error, unredacted data, potentially containing sensitive literals, are exposed in the logs. This issue allows an attacker with access to the local log...

5.5CVSS5.4AI score0.00144EPSS
Exploits0References4
CVE
CVE
added 2026/02/06 9:44 p.m.14 views

CVE-2026-1727

The CVE-2026-1727 entry describes an information disclosure in the Agentspace service arising from the use of predictable Google Cloud Storage bucket names for error logs and temporary data staging during GCS imports and Cloud SQL interactions. This predictability enabled bucket squatting, where ...

9.1CVSS5.5AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 9:44 p.m.7 views

CVE-2026-1727 Information Disclosure via Bucket Squatting in Google Cloud Agentspace.

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS5.6AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6799

Name of the Vulnerable Software and Affected Versions Agentspace versions prior to December 12th, 2025 Description The Agentspace service had a flaw that led to the exposure of sensitive information. This was due to the use of predictable Google Cloud Storage bucket names for error logs and...

9.1CVSS5.5AI score0.00253EPSS
Exploits0References9
CVE
CVE
added 2026/01/15 4:38 p.m.14 views

CVE-2026-23493

Pimcore stores sensitive data in http_error_log prior to versions 12.3.1 and 11.5.14, exposing $_COOKIE and $_SERVER variables (e.g., DB credentials, session data) via the backend. The issue is fixed in Pimcore 12.3.1 and 11.5.14. Mitigation: upgrade to these versions or apply vendor-provided pat...

8.6CVSS6.2AI score0.00393EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.11 views

PT-2026-3074

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the http error log file stores the $ COOKIE and $ SERVER...

8.6CVSS5.3AI score0.00393EPSS
Exploits0References12
NVD
NVD
added 2026/01/09 5:15 p.m.9 views

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

6.1CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 4:19 p.m.25 views

CVE-2026-22198

GestSup prior to 3.2.60 (with sources also citing up to 3.2.56 in ENISA EUVD) contains a pre-authentication stored XSS in the API error logging. An unauthenticated attacker can craft the X-API-KEY header (e.g., to /api/v1/ticket.php) to inject HTML/JavaScript into log entries; when an administrat...

6.1CVSS5.5AI score0.00258EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.8 views

CVE-2023-40788

SpringBlade =V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs...

5.3CVSS6.7AI score0.00623EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.8 views

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

3.3CVSS6.8AI score0.00275EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.7 views

GESTSUP 跨站脚本漏洞

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A cross-site scripting vulnerability exists in GESTSUP 3.2.56 and prior versions, which stems from a flaw in the API error logging functionality th...

6.1CVSS6.5AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.8 views

CVE-2025-1075

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...

7.5CVSS6.8AI score0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an ath11k wifi driver peer node lookup failure, which may result in error logs...

6.2AI score0.00206EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 5:16 a.m.4 views

CVE-2025-13494

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...

5.3CVSS0.00256EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 4:29 a.m.4 views

CVE-2025-13494 SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...

5.3CVSS5.3AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 4:29 a.m.18 views

CVE-2025-13494

The CVE covers the WordPress plugin SSP Debug (WordPress SSP Debugging) with versions up to and including 1.0.0. Root cause: the plugin stores PHP error logs in a web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without access controls. Impact: unauthenticated attackers can vi...

5.3CVSS5.3AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49194

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...

5.3CVSS5.7AI score0.00256EPSS
Exploits0References4
NVD
NVD
added 2025/12/04 8:16 p.m.5 views

CVE-2025-12996

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

4.1CVSS0.00095EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/04 8:4 p.m.4 views

EUVD-2025-201287

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

4.1CVSS6AI score0.00095EPSS
Exploits0References2
Rows per page
Query Builder