EUVD-2026-32674

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

OrcaStatLLM Researcher 跨站脚本漏洞

OrcaStatLLM Researcher is an open-source research paper generator based on large models, developed by AlgoNet Lab. OrcaStatLLM Researcher has a cross-site scripting vulnerability. This vulnerability arises from improper handling of malicious research topic inputs in the log messages of the sessio...

CVE-2023-4340

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file...

EUVD-2024-26844

Malicious code in bioql PyPI...

CVE-2024-29852

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs...

CVE-2020-35745

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs...

CVE-2006-7162

PuTTY 0.59 and earlier uses weak file permissions for 1 ppk files containing private keys generated by puttygen and 2 session logs created by putty, which allows local users to gain sensitive information by reading these files...

ZOHO ManageEngine ADAudit Plus Access Control Error Vulnerability

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. An access control error vulnerability exists in ZOHO ManageEngine ADAudit Plus, which can be exploited by an attacker to view session logs...

Zoho ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. An access control error vulnerability exists in ZOHO ManageEngine ADAudit Plus, which can be exploited by an attacker to view session logs...

Veeam Backup and Replication with Veeam Backup Enterprise Manager Multiple Vulnerabilities (KB4581)

The version of Veeam Backup and Replication with Veeam Backup Enterprise Manager installed on the remote Windows host is prior to 12.1.2.172. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Veeam Backup Enterprise Manager that allows an unauthenticated attacker to log...

CVE-2024-29852

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs...

CVE-2024-29852

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs...

CVE-2024-29852

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs...

Veeam Backup Enterprise Manager 安全漏洞

Veeam Backup Enterprise Manager is a centralized management and monitoring tool from Veeam USA. A security vulnerability exists in Veeam Backup Enterprise Manager that originates from allowing an elevated privilege user to read backup session logs...

PT-2024-23085

Name of the Vulnerable Software and Affected Versions Veeam Backup Enterprise Manager affected versions not specified Description The issue allows high-privileged users to read backup session logs. There is no information provided about the estimated number of potentially affected devices worldwi...

CVE-2023-4340 Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file...

Apache Livy Cross-Site Scripting Vulnerability

Apache Livy is an application server of the United States Apache Corporation . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications. A cross-site scripting vulnerability exists in Livy server version 0.7.0-incubating, which can b...

Apache Livy 跨站脚本漏洞

Apache Livy is an application server of the United States Apache Corporation . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications. A cross-site scripting vulnerability exists in Livy server version 0.7.0-incubating, which can b...

CVE-2020-35745

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs...

CVE-2020-35745

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs...