7 matches found
GHSA-4524-CJ9J-G4FJ OneUptime: Password Reset Token Logged at INFO Level
Summary: The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perfo...
EUVD-2005-1058
Malware in sbrugna...
CVE-2025-10776
CVE-2025-10776 affects LionCoders SalePro POS up to version 5.5.0 (and prior) with a vulnerability in the Login component that leads to cleartext transmission of sensitive information. The issue can be exploited remotely and is described as high complexity with difficult exploitability. Public ex...
CVE-2021-37036
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, an attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...
Trusted Firmware-M security vulnerability
Linaro Trusted Firmware-M (TF-M) is a reference implementation of the Platform Security Architecture (PSA) IoT security framework from Linaro, UK. A security vulnerability exists in Trusted Firmware-M version 2.0.0 and prior versions, which stems from a lack of parameter validation in the logging...
DEBIAN-CVE-2019-12469
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
UBUNTU-CVE-2015-8628
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted...