CVE-2019-25717 Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration...
CVE-2026-35452
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...
WordPress Relevanssi plugin <= 4.22.0 - Missing Authorization to Unauthenticated Query Log Export vulnerability
Missing Authorization to Unauthenticated Query Log Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Relevanssi versions <= 4.22.0...
PT-2026-4275
Name of the Vulnerable Software and Affected Versions: Palantir Apollo Aries Service (affected versions not specified). Description: A flaw exists in Palantir's Aries service that permitted unauthenticated access to log viewing and management features on Apollo instances when using the default...
WordPress Checkbox plugin <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing vulnerability
Missing Authorization to Unauthenticated Log Clearing vulnerability discovered by Legion Hunter in WordPress Plugin Checkbox versions <= 2.8.10...
CVE-2025-12170
CVE-2025-12170 applies to the WordPress Checkbox plugin (
WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability
Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability discovered by netranger in WordPress Plugin Post SMTP versions <= 3.6.0...
EUVD-2019-16946
Malware in sbrugna...
CVE-2025-23405
Unauthenticated log affects metrics gathering, incident response efforts, and potentially exposes risk of injection attacks, e.g. log injection...
ABB Cylon Aspect 3.08.01 logCriticalLookup.php Unauthenticated Log Disclosure
ABB Cylon Aspect 3.08.01 logCriticalLookup.php Unauthenticated Log Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure
ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 (throttledLog.php) Unauthenticated Log Disclosure
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller suffers from an unauthenticated log...
ABB Cylon Aspect 3.08.01 (logCriticalLookup.php) Unauthenticated Log Disclosure
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller suffers from an unauthenticated log...
Command injection
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command...
CVE-2023-51062
Summary: CVE-2023-51062 affects QStar Archive Solutions, RELEASE_3-0 Build 7 Patch 0. An unauthenticated read of the log-smblog-save component can disclose SMB log contents when a crafted command is executed. The NVD/CVSS indicates network access with low complexity and no privileges required, r...
PT-2023-32314 · WordPress · Debug Log Manager
Name of the Vulnerable Software and Affected Versions: Debug Log Manager plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the clear log function. This allows unauthenticated...
CVE-2023-5003 Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so...
Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
Description: The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. PoC: This requires the plugin's Log Authentication Requests setting to be...
CVE-2022-41618
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin = 3.00 on WordPress...
Simple Download Monitor < 3.9.9 - Multiple CSRF
The plugin does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads. To export logs which could then be...