16 matches found
Gallagher Command Centre Service Security Vulnerability
Gallagher Command Centre Service is a service component of the security management platform from Gallagher of New Zealand. A security vulnerability exists in Gallagher Command Centre Service that stems from the insertion of sensitive information into log files, which could lead to the disclosure of service...
CVE-2026-28943
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout...
ABB B&R PVI
SUMMARY: ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. An attacker who successfully exploited this vulnerability could read sensitive information in the logging data of the...
GHSA-RC54-2G2C-G36G OpenBao and Vault Leak []byte Fields in Audit Logs
Impact OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to: - sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log. - Transit, when performing...
DELL OpenManage Enterprise Information Disclosure Vulnerability
DELL OpenManage Enterprise is an enterprise-class systems management console from Dell designed to simplify IT infrastructure management and support centralized lifecycle management of PowerEdge servers, storage, network devices and third-party components. An information disclosure vulnerability...
Brocade ASCG Log Information Disclosure Vulnerability
Brocade ASCG is a networking feature from Brocade USA that is primarily used to simplify SAN architecture and optimize resource utilization. A log information disclosure vulnerability exists in Brocade ASCG versions prior to 3.3.0, which originates from logging unencrypted JWT tokens in log files...
CVE-2025-53498 Lack of Audit Logging in AbuseFilter
Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2...
WordPress Plugin FG PrestaShop to WooCommerce Log Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin FG PrestaShop to WooCommer...
WireMock Security Vulnerability
WireMock is a popular open source API simulation and testing tool. WireMock has a cross-site scripting vulnerability that stems from the logging function's lack of effective filtering and escaping of user-supplied data; an attacker can exploit the vulnerability by...
CVE-2023-6146
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details...
BlackVue DR750-2CH LTE Access Control Error Vulnerability
BlackVue DR750-2CH LTE is an in-vehicle full HD monitor from BlackVue. A security vulnerability exists in the BlackVue DR750-2CH LTE version v.1.0122022.10.26 that stems from a lack of authentication in its web server. An attacker exploiting this vulnerability could access sensitive information such as...
Important: kernel-livepatch-5.10.147-133.644
Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...
PT-2022-21180 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.1 Description: A vulnerability has been identified that could expose sensitive user information. This occurs when a customized HTTP POST request forces the application to write the status of a...
A security architect’s POV on a mature data-centric security program, Part 1
In this three-part series, you’ll hear first-hand from security architects on the front lines about what it takes to move organizations from a compliance-centric to a mature data-centric database security model. You’ll gain insight into the challenges associated with retaining, accessing and...
ABB SREA-01 Communications Adapter Detection
Binary data 761513.prm...
ScriptLogic sets insecure permissions on "LOGS$" share
Overview Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain...