6 matches found
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CubeAPM 安全漏洞
CubeAPM is a code development tool from CubeAPM, Inc. A security vulnerability exists in the CubeAPM nightly-2025-08-01-1 release that originates from an unauthenticated attacker being able to inject arbitrary log entries via the /api/logs/insert/elasticsearch/bulk endpoint, which could lead to l...
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CVE-2025-57564
CVE-2025-57564 affects CubeAPM core (nightly-2025-08-01-1). An unauthenticated attacker can inject arbitrary log entries via the /api/logs/insert/elasticsearch/_bulk endpoint due to lack of authentication/input validation, potentially causing log poisoning, false entries, alert obfuscation, and o...