25 matches found
CVE-2025-10901
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'aigettable' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-10901
CVE-2025-10901 (Originality.ai AI Checker, WordPress) : Wordfence and Patchstack detail a vulnerability in Originality.ai AI Checker plugin for WordPress versions up to and including 1.0.12 where a missing capability check in the function ai_get_table allows authenticated attackers with Subscribe...
EUVD-2025-35809
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'aigettable' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-10902 Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove'
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aiscanresultremove' function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2025-43589
Name of the Vulnerable Software and Affected Versions Originality.ai AI Checker plugin for WordPress versions up to and including 1.0.12 Description The Originality.ai AI Checker plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the ...
PT-2025-43590
Name of the Vulnerable Software and Affected Versions Originality.ai AI Checker plugin for WordPress versions through 1.0.12 Description The Originality.ai AI Checker plugin for WordPress is susceptible to unauthorized data loss. This is due to a missing capability check within the ai scan result...
CVE-2023-48708
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CVE-2021-35210
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper memory usage of the event log table in the efistub/tpm driver, which could cause the kernel to cras...
net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
A flaw was found in net-snmp. A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference issue...
CVE-2023-48708
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
Information Disclosure
codeigniter4/shield is vulnerable to Information Disclosure. The vulnerability is due to improper masking of sensitive information in to the log table. An attacker can gain access to sensitive tokens if they can access the application logs...
SUSE CVE-2009-0500
Cross-site scripting XSS vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log...
UBUNTU-CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...
CVE-2022-25518
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...
CVE-2022-25518
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...
CMDBuild 日志信息泄露漏洞
CMDBuild is an open source web enterprise environment for configuring custom applications for asset management. A security vulnerability exists in CMDBuild versions 3.0 through 3.3.2, which stems from the fact that payload requests for CMDBuild versions 3.0 through 3.3.2 are stored in a temporary...
CVE-2021-34660
The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18...
GHSA-CVCQ-GMC3-Q6M8 Apache Airflow logs passwords in plaintext
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. The same happenes when creating a Connection with a password field...