380 matches found
CVE-2025-46777
A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...
CVE-2024-21668
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-40096
The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...
CVE-2024-54728
Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.013.1.7.2204050.1 allows unauthorized attackers to access system logcat logs...
CVE-2023-31405
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
CVE-2021-35210
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...
CVE-2021-20159
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter...
CVE-2021-24756
The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...
CVE-2020-27691
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings...
CVE-2019-10364
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log...
CVE-2019-15483
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log...
CVE-2018-0728
This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions...
CVE-2017-18687
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 January 2017...
CVE-2012-5187
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files...
PT-2025-23069 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.9 Fortinet FortiPortal versions 7.2.0 through 7.2.5 Fortinet FortiPortal version 7.4.0 Description: The issue allows an authenticated attacker with at least read-only admin permissions to view...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems from the U.S.-based Apple Inc. developed specifically for Mac computers. A security vulnerability exists in Apple macOS that stems from a privacy issue that could cause a sandboxed application to access sensitive user data in the system log...
CVE-2025-30205
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...