380 matches found
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
WordPress WP System Log plugin <= 1.2.4 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by KENJI YOSHIKAWA in WordPress Plugin WP System Log versions = 1.2.4...
CVE-2024-13416
Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS...
PT-2025-5853 · 2N · 2N Os
Name of the Vulnerable Software and Affected Versions: 2N OS affected versions not specified Description: The issue allows an authorized user to enable logging when using the API in the 2N OS device. This logging functionality discloses valid authentication tokens in the system log...
CVE-2024-54728
Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.013.1.7.2204050.1 allows unauthorized attackers to access system logcat logs...
CVE-2023-38271
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
This is a PoC exploit for CVE-2024-55591, a vulnerability in For...
UBUNTU-CVE-2025-21643
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a biovec array. Currently, because of the async flag, this gets passed to netfsextractuseriter which throws a...
CVE-2023-29114 Unauthorized System Log Disclosure in Enel X JuiceBox
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...
Jenkins exposes multi-line secrets through error messages
Jenkins Jenkins provides the secretTextarea form field for multi-line secrets. Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field. This can result in exposure of...
CVE-2024-40096
The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...
CVE-2024-40096
The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...
CVE-2024-40096
The CVE-2024-40096 entry concerns com.cascadialabs.who (Who - Caller ID, Spam Block) app version 15.0 on Android, where sensitive information is written to the system log. The root cause is exposure through system logs, leading to potential confidentiality impact if logs are accessible. The docum...
CVE-2024-40096
The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to version 14.6, which stems from an application that may be able to view a contact's phone number in the system log...
PT-2024-31038 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.6.8 macOS versions prior to 12.7.6 iOS versions prior to 16.7.9 iPadOS versions prior to 16.7.9 iOS versions prior to 17.6 iPadOS versions prior to 17.6 macOS versions prior to 14.6 Description: A privacy issue was...
GHSA-XFX3-CR74-X3CV Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may...
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may...
CVE-2024-39458
When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...
CVE-2024-39458
When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...