Lucene search
+L

380 matches found

OSV
OSV
added 2025/03/24 4:47 p.m.5 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS6.8AI score0.00269EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/02/24 11:20 p.m.5 views

WordPress WP System Log plugin <= 1.2.4 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by KENJI YOSHIKAWA in WordPress Plugin WP System Log versions = 1.2.4...

4.3CVSS7AI score0.00164EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/06 7:9 p.m.9 views

CVE-2024-13416

Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS...

4.3CVSS4.8AI score0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.6 views

PT-2025-5853 · 2N · 2N Os

Name of the Vulnerable Software and Affected Versions: 2N OS affected versions not specified Description: The issue allows an authorized user to enable logging when using the API in the 2N OS device. This logging functionality discloses valid authentication tokens in the system log...

4.3CVSS7.1AI score0.00343EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/27 12:0 a.m.12 views

CVE-2024-54728

Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.013.1.7.2204050.1 allows unauthorized attackers to access system logcat logs...

0.00313EPSS
Exploits0References2
NVD
NVD
added 2025/01/25 2:15 p.m.24 views

CVE-2023-38271

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files...

6.5CVSS0.00306EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/01/21 12:30 p.m.622 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy

This is a PoC exploit for CVE-2024-55591, a vulnerability in For...

9.8CVSS10AI score0.98259EPSS
Exploits9
OSV
OSV
added 2025/01/19 11:15 a.m.4 views

UBUNTU-CVE-2025-21643

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a biovec array. Currently, because of the async flag, this gets passed to netfsextractuseriter which throws a...

5.5CVSS6.2AI score0.00209EPSS
Exploits0References21
Vulnrichment
Vulnrichment
added 2024/11/05 3:1 p.m.11 views

CVE-2023-29114 Unauthorized System Log Disclosure in Enel X JuiceBox

System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: • Wi-Fi access point credentials to which the EV charger can connect. • APN web address and credentials. • IPSEC credentials...

5.7CVSS6.9AI score0.00248EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/02 6:31 p.m.21 views

Jenkins exposes multi-line secrets through error messages

Jenkins Jenkins provides the secretTextarea form field for multi-line secrets. Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field. This can result in exposure of...

4.3CVSS7.1AI score0.00822EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/05 10:15 a.m.4 views

CVE-2024-40096

The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...

3.3CVSS5.8AI score0.00163EPSS
Exploits0References2
NVD
NVD
added 2024/08/05 10:15 a.m.24 views

CVE-2024-40096

The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...

3.3CVSS0.00163EPSS
Exploits0References2
CVE
CVE
added 2024/08/05 12:0 a.m.36 views

CVE-2024-40096

The CVE-2024-40096 entry concerns com.cascadialabs.who (Who - Caller ID, Spam Block) app version 15.0 on Android, where sensitive information is written to the system log. The root cause is exposure through system logs, leading to potential confidentiality impact if logs are accessible. The docum...

3.3CVSS6.6AI score0.00163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/05 12:0 a.m.25 views

CVE-2024-40096

The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...

0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.5 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to version 14.6, which stems from an application that may be able to view a contact's phone number in the system log...

3.3CVSS6.1AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.2 views

PT-2024-31038 · Apple · Ios +2

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.6.8 macOS versions prior to 12.7.6 iOS versions prior to 16.7.9 iPadOS versions prior to 16.7.9 iOS versions prior to 17.6 iPadOS versions prior to 17.6 macOS versions prior to 14.6 Description: A privacy issue was...

5.5CVSS5.6AI score0.00187EPSS
Exploits0References8
OSV
OSV
added 2024/06/26 6:30 p.m.25 views

GHSA-XFX3-CR74-X3CV Exposure of secrets through system log in Jenkins Structs Plugin

Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may...

3.1CVSS3.7AI score0.00439EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/06/26 6:30 p.m.20 views

Exposure of secrets through system log in Jenkins Structs Plugin

Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may...

3.1CVSS6.4AI score0.00439EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/06/26 5:15 p.m.30 views

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...

3.1CVSS0.00439EPSS
Exploits0References2
OSV
OSV
added 2024/06/26 5:15 p.m.5 views

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...

3.1CVSS6.5AI score
Exploits0References2
Rows per page
Query Builder