8808 matches found
CVE-2026-50205
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...
EUVD-2026-34217
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...
CVE-2026-50205
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...
CVE-2026-50205 Plaintext Log Credential Leakage
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...
WordPress Hummingbird <= 3.18.0 - Sensitive Information Exposure via Log File
Hummingbird Performance WordPress plugin = 3.18.0 contains a sensitive information exposure caused by improper handling in the 'request' function, letting unauthenticated attackers extract sensitive data including Cloudflare API credentials, exploit requires no authentication. id: CVE-2025-14437...
Autoptimize < 3.1.0 - Information Disclosure
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. id: CVE-2022-4057 info: name: Autoptimize 3.1.0 - Information Disclosure author: DhiyaneshDK severity: medium description: | The Autoptimize WordPress plugin before 3.1.0 uses...
WebTitan < 3.60 - Local File Inclusion
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. dot dot in the fname parameter in a view action. id: CVE-2011-4640 info: name: WebTitan 3.60 - Local File Inclusion author: ctflearner severity:...
SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. id: CVE-2024-6846 info: name: SmartSearchWP = 2.4.4 - Unauthenticated Log Purge author: s4e-io severity: medium description: | Th...
PT-2026-46156
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...
GHSA-8RPW-6CQH-2V9H
creationtimestamp| type| source ---|---|--- 2026-06-03 23:10:53+00:00| seen| https://gist.github.com/alon710/f7bc5351b219485c56b8d23a92985578 2026-06-03 23:20:57+00:00| seen| https://gist.github.com/alon710/c96f50c47f9fff8e91b22c3cc55eaa13...
CVE-2026-46253
A flaw was found in the Linux kernel's pstore/ram component. This vulnerability, a heap buffer overflow, occurs when the system attempts to save old persistent RAM logs and the buffer size changes, leading to an out-of-bounds write. While the conditions for exploitation are extremely difficult to...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.5
Logging for Red Hat OpenShift - 6.4.5 Red Hat OpenShift Logging 6.4.5 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...
CVE-2026-41032
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...
EUVD-2026-34070
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. id: CVE-2018-12634 info: name: CirCarLife Scada 4.3 - System Log...
PT-2026-45912
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...
DEBIAN-CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-46764
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
CVE-2026-40861
A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...