EUVD-2026-34070

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

CVE-2019-25717

CVE-2019-25717 affects Dräger Infinity Delta, Delta XL, and Kappa patient monitors. The vulnerability allows unauthenticated attackers over a network to access exposed log files, exposing device internals, location data, and wired network configuration details. No root cause or remediation detail...

CVE-2019-25717 Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration...

Insertion of Sensitive Information into Log File

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the setCookie and start functions. An attacker can gain unauthorized access to...

Security Bulletin: IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets (CVE-2025-13755)

Summary IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets. Vulnerability Details CVEID:CVE-2025-13755 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially...

Insertion of Sensitive Information into Log File

Overview github.com/projectcalico/calico/cni-plugin/pkg/install is a cloud-native networking and network security package Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level ...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level to /var/log/calico/cni/cni.log during each CNI ADD and DEL invocation. An attacker can obtain sensitive...

CVE-2026-41185

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

IBM DB2 Multiple Vulnerabilities (7273554, 7273555, 7273556, 7273557, 7273558) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user. CVE-2025-13755 - IBM Db2 is vulnerable to a...

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...

IBM App Connect Enterprise 安全漏洞

IBM App Connect Enterprise is an operating system developed by IBM Corporation. IBM App Connect Enterprise combines existing, industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies, providing a platform that meets the comprehensive...

CVE-2025-13755

CVE-2025-13755 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 (Linux/UNIX/Windows, including Db2 Connect Server). The root cause is that the system can store potentially sensitive information in log files, which could be read by a local user, constituting a credential exposure (CWE-532). Impact ...

CVE-2026-4795

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

CVE-2026-4795

CVE-2026-4795 describes a missing authorization vulnerability in Zyxel GS1200 series switches (GS1200-5v3/8v3/5HPv3/8HPv3/10v3) up to firmware versions noted. The issue allows a LAN-based, unauthenticated attacker to read the system configuration from a log file via a crafted HTTP request. The co...

CVE-2026-4795

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

PT-2026-43176

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

PT-2026-43277

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...

CVE-2026-25193

Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...