4 matches found
AZL-73247 CVE-2025-58160 affecting package rust 1.72.0-14
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
Summary: When using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template string. Impact: Malicious admins can log sensitive data from other users when they are created or updated. Workarounds: Avoid...
PT-2024-7164 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1; Splunk Enterprise versions prior to 9.2.3; Splunk Enterprise versions prior to 9.1.6. Description: The software potentially exposes sensitive HTTP parameters to the internal index if the REST Calls log...
PT-2022-24872 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder (affected versions not specified). Description: The issue concerns the ZoneMinder API, which exposes database log contents to users without privileges. It also allows for the insertion, modification, and deletion of logs without syste...