EUVD-2024-19839

Malicious code in bioql PyPI...

CVE-2025-51497

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22...

CVE-2025-51497

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22...

CVE-2025-51497

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22...

AdGuard for Safari 安全漏洞

AdGuard for Safari is a Safari application extension for the AdGuard open source. A security vulnerability exists in AdGuard for Safari versions prior to 1.11.22 that originates from logging URLs accessed by Safari, which could lead to information disclosure...

CVE-2025-51497

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22...

Security Bulletin: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response

Summary In IBM Sterling B2B Integrator's dashboard, many links have CSRF tokens at the end of URLs. An attacker could post something with a link to the B2Bi dashboard somewhere. If a B2Bi user who has the active http session and owns the token clicks the link then the request will be honored sinc...

CVE-2019-7612

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message...

CVE-2018-2491

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...

The CIS Critical Controls Explained - Control 7: Email and Web browser protection

This blog is a continuation of our blog post series around the CIS Critical Controls. The biggest threat surface in any organization is its workstations. This is the reason so many of the CIS Critical Security Controls relate to workstation and user-focused endpoint security. It is also the reaso...

CVE-2015-2714

Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READLOGS permission for the...

Updated qtwebkit packages fix security vulnerabilities

Updated qtwebkit and qtwebkit5 packages fix security vulnerability: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode...

Lynx format string vulnerability in URL logging.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The vendor has been notified, but since this is a low risk I am releasing early. Vapid Labs Larry W. Cashdollar Bug Report Summary: lynx has a format string vulnerability in LYUtils.c line 7995 due to a bad call to syslog, where the format argument is...