Lucene search
K

380 matches found

OSV
OSV
added 2025/05/28 8:15 a.m.4 views

CVE-2025-46777

A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log...

2.7CVSS5.8AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:45 a.m.9 views

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.9CVSS6.4AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:32 a.m.6 views

CVE-2024-40096

The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...

3.3CVSS6.6AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.5 views

CVE-2024-54728

Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.013.1.7.2204050.1 allows unauthorized attackers to access system logcat logs...

6.5CVSS6.9AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:48 a.m.8 views

CVE-2023-31405

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...

5.3CVSS6.7AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.5 views

CVE-2021-35210

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...

6.1CVSS6.4AI score0.0074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.8 views

CVE-2021-20159

Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter...

9CVSS7.9AI score0.03413EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.6 views

CVE-2021-24756

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...

6.1CVSS6.3AI score0.01322EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:33 p.m.8 views

CVE-2020-27691

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings...

6.1CVSS6AI score0.00749EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:14 a.m.5 views

CVE-2019-10364

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log...

5.5CVSS6.8AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 a.m.34 views

CVE-2019-15483

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log...

6.1CVSS5.7AI score0.00861EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:26 a.m.7 views

CVE-2018-0728

This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions...

7.5CVSS6.9AI score0.01273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:38 a.m.4 views

CVE-2017-18687

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 January 2017...

5.3CVSS7AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:45 a.m.8 views

CVE-2012-5187

The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files...

4.3CVSS6.1AI score0.00893EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.4 views

PT-2025-23069 · Fortinet · Fortiportal

Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.9 Fortinet FortiPortal versions 7.2.0 through 7.2.5 Fortinet FortiPortal version 7.4.0 Description: The issue allows an authenticated attacker with at least read-only admin permissions to view...

2.7CVSS5.7AI score0.00209EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.3 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems from the U.S.-based Apple Inc. developed specifically for Mac computers. A security vulnerability exists in Apple macOS that stems from a privacy issue that could cause a sandboxed application to access sensitive user data in the system log...

5.5CVSS6.1AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/26 5:21 p.m.8 views

CVE-2025-30205

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS7.1AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 5:15 p.m.9 views

CVE-2025-30205

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/24 4:47 p.m.12 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/24 4:47 p.m.10 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS7AI score0.00269EPSS
Exploits0References2
Rows per page
Query Builder