Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project log vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-14205
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
Divebook Project Divebook 1.1.4
2.1
CVSSv2
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ ...
Easybuild Project Easybuild
5
CVSSv2
CVE-2018-10028
joyplus-cms 1.6.0 allows remote malicious users to obtain sensitive information via a direct request to the install/ or log/ URI.
Joyplus-cms Project Joyplus-cms 1.6.0
4.3
CVSSv2
CVE-2022-1630
The WP-EMail WordPress plugin prior to 2.69.0 does not protect its log deletion functionality with nonce checks, allowing malicious user to make a logged in admin delete logs via a CSRF attack
Wp-email Project Wp-email
NA
CVE-2023-32313
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `...
Vm2 Project Vm2
7.5
CVSSv2
CVE-2022-24860
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at dif...
Databasir Project Databasir 1.0.1
4.3
CVSSv2
CVE-2022-0385
The Crazy Bone WordPress plugin up to and including 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting
Crazy Bone Project Crazy Bone
5
CVSSv2
CVE-2010-3845
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.
Apache Authenhook Project Apache Authenhook 2.00-04
4.3
CVSSv2
CVE-2018-1000029
mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and previous versions contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appear to be exploitable via Payload delivered via the type, name, ...
Elsa Project Elsa
4.3
CVSSv2
CVE-2018-18825
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log.
Pagoda Linux Project Pagoda Linux 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »