Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project log vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3881
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin prior to 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it ...
Wptools Project Wptools
445
VMScore
CVE-2020-14205
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
Divebook Project Divebook 1.1.4
187
VMScore
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ ...
Easybuild Project Easybuild
445
VMScore
CVE-2018-10028
joyplus-cms 1.6.0 allows remote malicious users to obtain sensitive information via a direct request to the install/ or log/ URI.
Joyplus-cms Project Joyplus-cms 1.6.0
383
VMScore
CVE-2022-1630
The WP-EMail WordPress plugin prior to 2.69.0 does not protect its log deletion functionality with nonce checks, allowing malicious user to make a logged in admin delete logs via a CSRF attack
Wp-email Project Wp-email
NA
CVE-2023-32313
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `...
Vm2 Project Vm2
668
VMScore
CVE-2022-24860
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at dif...
Databasir Project Databasir 1.0.1
383
VMScore
CVE-2022-0385
The Crazy Bone WordPress plugin up to and including 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting
Crazy Bone Project Crazy Bone
383
VMScore
CVE-2018-1000029
mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and previous versions contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appear to be exploitable via Payload delivered via the type, name, ...
Elsa Project Elsa
445
VMScore
CVE-2010-3845
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.
Apache Authenhook Project Apache Authenhook 2.00-04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »