Lucene search
+L

304 matches found

Cisco
Cisco
added 2025/08/20 4:0 p.m.34 views

Cisco Duo Authentication Proxy Information Disclosure Vulnerability

A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...

4.9CVSS6.7AI score0.00448EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/15 6:43 p.m.6 views

Insertion of Sensitive Information into Log File

Overview @backstage/plugin-scaffolder-backend is a The Backstage backend plugin that helps you create new things Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the fetch:template action, which duplicates logging of the input values. An...

2.6CVSS6.7AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/13 10:41 p.m.1 views

CVE-2025-55193 Active Record logging vulnerable to ANSI escape injection

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

6.9CVSS7AI score0.00565EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/13 10:32 p.m.7 views

Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193 Impact The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. Releases The fixed releases are available at the normal locations...

6.9CVSS6.1AI score0.00565EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/08/13 10:32 p.m.4 views

GHSA-76R7-HHXJ-R776 Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193 Impact The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. Releases The fixed releases are available at the normal locations...

5.3CVSS6.1AI score0.00565EPSS
Exploits0References7
RubySec
RubySec
added 2025/08/13 12:0 a.m.10 views

Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193 Impact The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal, it may include unescaped ANSI sequences. Releases The fixed releases are available at the normal locations...

6.9CVSS7.2AI score0.00565EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/29 12:0 a.m.3 views

CVE-2025-52490

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...

6.6AI score0.0018EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/07/23 12:45 p.m.8 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6CVSS7.6AI score0.00982EPSS
Exploits0References52
OSV
OSV
added 2025/07/18 8:15 a.m.3 views

CVE-2024-32124

An improper access control vulnerability CWE-284 in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request...

4.3CVSS5.8AI score0.00318EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/18 6:57 a.m.6 views

Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability is due to improper handling of user data in the "Log to Console" operation within Directus Flows, which allows an attacker with admin privileges to log and access sensitive data of other users during create or update events...

4.2CVSS5.7AI score0.0017EPSS
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added 2025/07/15 5:48 a.m.398 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 - Privilege Escalation via Writable Symlink in...

6.8CVSS7.7AI score0.0036EPSS
Exploits23
Cvelist
Cvelist
added 2025/07/14 11:35 p.m.21 views

CVE-2025-53886 Directus doesn't redact tokens in Flow logs

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

4.5CVSS0.00387EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/14 11:18 p.m.39 views

CVE-2025-53885 Directus doesn't redact sensitive user data when logging via event hooks

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template...

4.2CVSS0.0017EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/16 4:23 p.m.15 views

CVE-2025-2327 FlashArray KEK Logging Vulnerability

A flaw exists in FlashArray whereby the Key Encryption Key KEK is logged during key rotation when RDL is configured...

5.1CVSS0.00186EPSS
Exploits0References1
OSV
OSV
added 2025/06/12 8:56 p.m.8 views

CVE-2025-49589 PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging

PCSX2 is a free and open-source PlayStation 2 PS2 emulator. A stack-based buffer overflow exists in the KprintfHLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP...

6.1CVSS7.8AI score0.00261EPSS
Exploits0References5
OSV
OSV
added 2025/06/06 2:4 p.m.7 views

OESA-2025-1615 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the...

7.5CVSS6.8AI score0.00672EPSS
Exploits0References2
OSV
OSV
added 2025/06/05 4:40 p.m.10 views

CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...

6.2CVSS6.4AI score0.00145EPSS
Exploits0References4
OSV
OSV
added 2025/06/05 3:30 a.m.3 views

GHSA-7XR5-9HCQ-CHF9 Django Improper Output Neutralization for Logs vulnerability

An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

4CVSS5.9AI score0.00629EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.6 views

para 日志信息泄露漏洞

para is a multi-tenant backend server open-sourced by Erudika for rapidly building web and mobile applications. A log information disclosure vulnerability exists in versions prior to para 1.50.8, which stems from explicit logging of access tokens in the logs, which could lead to token disclosure...

6.2CVSS5.8AI score0.00145EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/04 4:56 a.m.7 views

CVE-2025-20989

Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...

5.2CVSS5.1AI score0.00116EPSS
Exploits0References1
Rows per page
Query Builder