35 matches found
Exploit for SQL Injection in Progress Moveit_Cloud
CVE-2023-34362 MOVEit Transfer Vulnerability Analysis Proj...
CVE-2021-27140
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11750)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient enforcement of new policies on the network, which can be exploited by an attacker to obtain potentially sensitive information via web log files...
EUVD-2025-36512
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...
CVE-2025-32916
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs...
EUVD-2005-0436
Malware in sbrugna...
CVE-2025-54812
CVE-2025-54812 affects Apache Log4cxx prior to 1.5.0. The issue is due to improper output neutralization in HTMLLayout: logger names from untrusted sources are not escaped when writing HTML logs, enabling potential HTML/JS injection that could lead to log manipulation or information exposure when...
CrushFTP Security Vulnerability
CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP versions 10.8.2 and 11.2.1 that stems from the presence of incorrect input handling, which could allow an unauthenticated attacker to store payloads in web application logs, resulting in a stored...
UBUNTU-CVE-2024-47094
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p22, 2.2.0p37, 2.1.0p50 EOL causes remote site secrets to be written to web log files accessible to local site users...
PT-2024-32406 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p22; Checkmk versions prior to 2.2.0p37; Checkmk versions prior to 2.1.0p50 EOL. Description: The issue concerns the insertion of sensitive information into log files in Checkmk, causing remote site secrets to be...
PT-2024-27936 · Advantech · Advantech Adam 5550
Name of the Vulnerable Software and Affected Versions: Advantech ADAM 5550 (affected versions not specified). Description: The device's web application includes a "logs" page where all HTTP requests received are displayed to the user. However, it fails to correctly neutralize malicious code when...
FOGProject Security Vulnerability
FOGProject is a free open source network computer cloning and management solution from FOGProject Open Source. It can be used to deploy and manage any desktop operating system. A security vulnerability exists in FOGProject 1.5.10.41.4 and prior versions, which stems from the ability to disclose...
Fides Security Vulnerability
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Fides that stems from improper SQLAlchemy password string escaping, which...
PT-2024-24118 · Mintplex +1 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin...
PT-2024-4789
Name of the Vulnerable Software and Affected Versions: VMware Cloud Director Object Storage Extension (affected versions not specified). Description: The issue concerns an Insertion of Sensitive Information, where a malicious actor with adjacent access to web/proxy server logging may obtain sensitiv...
CVE-2023-0815 Plaintext Password Present in the Web logs
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizo...
NY Charges First American Financial for Massive Data Leak
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the targ...
Citrix App Layering - Error while trying to import layers
While trying to import layers, App Layering console displays an error: "An unexpected exception occurred. If this problem continues, contact Technical Support and provide them with the details of this exception". Looking at the ELM Web logs, we might see the below errors: ERROR 2832HandlerHelper:...
Sahi pro 8.x - Cross-Site Scripting
Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the browser for the executed script. XSS is triggered...
CVE-2017-3185
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's histor...