13 matches found
EUVD-2019-10964
Malware in sbrugna...
CVE-2025-10377
The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs function. This makes it possible for unauthenticated attackers to toggle critical logging settings...
CVE-2025-10377
CVE-2025-10377 affects the WordPress System Dashboard plugin. It enables Cross-Site Request Forgery due to missing nonce validation in sd_toggle_logs(), allowing unauthenticated attackers to toggle Page Access Logs, Error Logs, and Email Delivery Logs by luring an admin to click a forged link. Af...
CVE-2024-21987
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings...
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team...
CVE-2024-21987
CVE-2024-21987 affects NetApp SnapCenter: versions 4.8 prior to 5.0 are vulnerable due to insufficient authorization, allowing an authenticated SnapCenter Server user to modify the system logging configuration. Documented impact is limited to changing logging settings; no exploit details are prov...
PT-2024-2526 · NetApp · NetApp SnapCenter
Name of the Vulnerable Software and Affected Versions: NetApp SnapCenter versions 4.8 prior to 5.0 Description: The issue is related to insufficient authorization in the NetApp SnapCenter platform, allowing a remote attacker to modify system logging configuration settings. This can be done by an...
CVE-2024-1367
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host...
Concrete CMS: Phar Deserialization Vulnerability via Logging Settings
Vulnerability Description: The vulnerable code is located within the concrete/controllers/singlepage/dashboard/system/environment/logging.php script. Specifically, in the Logging::updatelogging method: public function updatelogging() { $config = $this->app->make('config'); $request = $this->request; if...
Concrete CMS: Remote Code Execution through Extension Bypass on Log Functionality
Summary: The concrete5 CMS application, available on GitHub, is vulnerable to remote code execution through the functionality of setting the log file in "Logging Settings". It is possible to bypass the portion of code responsible for the verification of the extension of the log...
Description of the security update for Office Online Server: January 14, 2020
Summary: This security update resolves a spoofing vulnerability that exists if Office Online does not validate the origin in cross-origin communications correctly. To learn more about the vulnerability, see Microsoft...
Description of the security update for Office Online Server: October 8, 2019
Summary: This security update resolves a remote code execution vulnerability that exists in Microsoft Excel software when the software fails to correctly handle objects in memory. To learn more about the vulnerability, se...
PT-2019-16838 · IBM · API Connect
Name of the Vulnerable Software and Affected Versions: API Connect versions 2018.1 through 2018.4.1.1 Description: The issue concerns an access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. Recommendations: For API Connect versions 2018.1 throu...