14 matches found
CVE-2019-16210
Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save...
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...
EUVD-2025-22488
Malicious code in bioql PyPI...
EUVD-2022-7642
Malicious code in bioql PyPI...
CVE-2025-6392 Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...
Lightweight and High-Throughput Secure Logging for Internet of Things and Cold Cloud Continuum
The growing deployment of resource-limited Internet of Things (IoT) devices and their expanding attack surfaces demand efficient and scalable security mechanisms. System logs are vital for the trust and auditability of IoT, and offloading their maintenance to a Cold Storage-as-a-Service (Cold-STaaS)...
CVE-2025-48493 Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
The Yii 2 Redis extension provides Redis key-value store support for the Yii framework 2.0. When a connection fails, the extension writes the command sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text, exposing username and password. That might be an issue if...
CVE-2025-2325
The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2025-22495
creationtimestamp | type | source
---|---|---
2025-02-24 17:33:57+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114060062653263406
2025-02-24 19:32:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lix3n5wnzw2s
2025-02-24 19:48:27+00:00 | seen | ...
CVE-2023-49068
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not...
CVE-2023-0219 FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting (XSS) attacks when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...
PT-2023-16092 · WordPress · Fluentsmtp
Name of the Vulnerable Software and Affected Versions: FluentSMTP WordPress plugin versions prior to 2.2.3. Description: The issue arises from the plugin's failure to sanitize or escape email content, making it susceptible to stored cross-site scripting (XSS) attacks when an administrator views the...
CVE-2023-22481 Sensitive information exposure in the logs of greader API in FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in the clear in users//logapi.txt in the case where the authentication fails. The issue occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...