Lucene search
K

11 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 2:43 p.m.6 views

CVE-2026-9699

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS5.8AI score0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 6:0 a.m.31 views

CVE-2026-6858 Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22931

Name of the Vulnerable Software and Affected Versions 2N Access Commander versions prior to 3.4.2 Description The 2N Access Commander software contains a flaw related to insufficient validation of data written to logs. Specifically, certain parameters received through the API are included in log...

6.9CVSS5.9AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/03 4:28 p.m.3 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to logging as unsanitized plaintext. An attacker can gain unauthorized access to sensitive information and potentially escalate privileges by accessing unsanitized logs containing...

8.5CVSS5.5AI score0.00203EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7576

Malware in sbrugna...

6.1CVSS6.2AI score0.01659EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 2022/07/05 12:15 p.m.3 views

CVE-2021-43702

ASUS RT-A88U 3.0.0.4.38645898 is vulnerable to Cross Site Scripting XSS. The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device...

9CVSS7.3AI score0.00906EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.6 views

WordPress plugin Easy Digital Downloads 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Digital Downloads plugin is vulnerable to a cross-site scripting vulnerability that stems from...

4.8CVSS5.6AI score0.0065EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2018/03/26 9:39 a.m.5 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

9.3CVSS7.3AI score0.16412EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/02/28 8:6 p.m.5 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

9.3CVSS7.3AI score0.16412EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/12/19 8:37 a.m.5 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

9.3CVSS7.3AI score0.16412EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2010/01/13 12:0 a.m.10 views

PT-2010-1349 · Thttpd · Thttpd

Name of the Vulnerable Software and Affected Versions: thttpd version 2.25b0 Description: The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This is due to thttpd writing...

9.8CVSS9.9AI score0.13467EPSS
Exploits3References9
Rows per page
Query Builder