25451 matches found
CVE-2026-56459 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-31984
CVE-2026-31984 affects Guardian/CMC prior to version 26.2.0, where unbounded resource allocation in the audit logging path allows an unauthenticated attacker to submit oversized input, potentially exhausting disk space and causing DoS. Root cause: missing input size limit in audit entries. Impact...
CVE-2026-31984 DoS through oversized audit log entries in Guardian/CMC before 26.2.0
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...
Riello Netman 204 - SQL Injection
The three endpoints /cgi-bin/dbdatalogw.cgi, /cgi-bin/dbeventlogw.cgi, and /cgi-bin/dbmultimetrw.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way. id: CVE-2024-8877 info: name: Riello Netman 204 - SQL...
CVE-2026-60092
The CVE-2026-60092 entry describes a stored cross-site scripting vulnerability in the AVideo Meet plugin. When a participant joins a public meeting, the raw HTTP User-Agent header is stored in meet_join_log.user_agent without sanitization and later echoed in the Participants management panel (vis...
Malicious code in gas-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36241e999d92bad738082bf420fc144391735f9f3707bc4baa0153b4cb0eec8a gas-log impersonates the legitimate eth-gas-reporter package: it reuses that project's README, keywords, badges, and CHANGELOG, and the README even...
CVE-2026-55437
CVE-2026-55437 affects Coder: prior to 2.29.17, 2.32.7, 2.33.8, and 2.34.2, AgentLogLine uses ansi-to-html without escapeXML: true and injects via dangerouslySetInnerHTML, enabling stored HTML injection in workspace agent logs. Exploitation requires a user with workspace-owner access to view atta...
PYSEC-2026-1687 Unauthenticated views may expose information to anonymous users
Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...
CVE-2026-14345
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
EUVD-2026-42009
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
CVE-2026-14345 WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
CVE-2026-14345
The CVE-2026-14345 entry concerns the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell (WordPress plugin). Affected versions up to and including 3.12.7 are vulnerable to Remote Code Execution via the postData parameter. The root cause is an unsanitized write of attacker...
CVE-2026-14345
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...
CVE-2026-34035
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...
CVE-2026-34035 Coolify: Host RCE via Log Drain secret/env command injection
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...
CVE-2026-34035
CVE-2026-34035 affects Coolify. Prior to version 4.0.0-beta.466, log drain secret and environment values could be interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the host. Resulting impact is host RCE with high severity. ...
CVE-2026-34035
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...
DoS through oversized audit log entries in Guardian/CMC before 26.2.0
Summary A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. Impact An unauthenticated attacker can submit requests containing excessively large input that is...
ALSA-2026:36049 Important: kernel-rt security, bug fix, and enhancement update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: gfs2: Fix use-after-free in iomap inline...
Malicious code in color-cli-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43d15f0d189a3dff03fe5549073cad30c2c0d648e6b1b12d1385689c84c6888c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...