9 matches found
CVE-2026-3494
A flaw was found in MariaDB. An authenticated database user can exploit this vulnerability by invoking SQL statements prefixed with double-hyphen (--) or hash style comments. When the server audit plugin is enabled with specific event filtering, these statements are not logged. This oversight can le...
CVE-2026-0936
An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disable...
ABB B&R PVI
SUMMARY: ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. An attacker who successfully exploited this vulnerability could read sensitive information in the logging data of the...
GNU GRUB security vulnerability
GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB that stems from the normal_exit command not being properly logged off, which could lead to a post-release reuse issue resulting in a system crash or compromised data confidentiality and...
GHSA-VXG3-W9RV-RHR2 Contrast leaks workload secrets to logs on INFO level
This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a driver uninstallation without logging off the platform device, which can be exploited by an attacker to...
UBUNTU-CVE-2024-45440
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hash_salt is file_get_contents of a file that does not exist...
AppPresser < 4.3.1 - Cross-Site Request Forgery via force_logging_off()
Description: The AppPresser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the force_logging_off function. This makes it possible for unauthenticated attackers to turn logging off via a...
Errors logging off the endpoints while having active published apps - “CGPPowerNotifWndCls: wfica23.exe – Application error”
Users are reporting an error when logging off from their workstations while having active published app sessions. The users are not closing the published app before logging off the workstation. Users utilize Windows 10 machines with Imprivata to badge-in/badge-out Agent 6.3. When they badge in,...