Lucene search
K

286 matches found

NVD
NVD
added last week9 views

CVE-2026-44024

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the $tag placeholder, and insufficient validation of $tag in file configurations such as the path...

9.8CVSS0.01085EPSS
Exploits0References4
NVD
NVD
added last week10 views

CVE-2026-44160

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...

7.5CVSS0.0062EPSS
Exploits0References4
NVD
NVD
added last week9 views

CVE-2026-44161

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd outhttp output plugin allows placeholders such as $tag in the endpoint configuration parameter, and if a placeholder value is derived from untrusted...

7.2CVSS0.00442EPSS
Exploits0References4
NVD
NVD
added last week10 views

CVE-2026-44025

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related...

7.5CVSS0.00482EPSS
Exploits0References4
CVE
CVE
added last week47 views

CVE-2026-44161

Fluentd’s out_http plugin (pre-1.19.3) allows placeholders such as ${tag} in the endpoint configuration. If a placeholder comes from untrusted input, an attacker can control the destination hostname of outbound HTTP requests and force requests to arbitrary internal services (SSRF). Affected versi...

7.2CVSS7.3AI score0.00442EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week35 views

CVE-2026-44161 Fluentd: Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd outhttp output plugin allows placeholders such as $tag in the endpoint configuration parameter, and if a placeholder value is derived from untrusted...

7.2CVSS0.00442EPSS
Exploits0References4
OSV
OSV
added last week3 views

CVE-2026-44161 Fluentd: Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd outhttp output plugin allows placeholders such as $tag in the endpoint configuration parameter, and if a placeholder value is derived from untrusted...

7.2CVSS7.1AI score0.00442EPSS
Exploits0References6
Cvelist
Cvelist
added last week36 views

CVE-2026-44160 Fluentd: Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...

7.5CVSS0.0062EPSS
Exploits0References4
CVE
CVE
added last week44 views

CVE-2026-44160

Fluentd CVE-2026-44160 affects in_http and in_forward plugins prior to 1.19.3, where gzip-compressed payloads were restricted only by body_size_limit and chunk_size_limit. Crafted compressed data can decompress in memory to an excessive size, causing DoS via memory exhaustion. The issue is fixed ...

7.5CVSS7.2AI score0.0062EPSS
Exploits0References4Affected Software1
OSV
OSV
added last week3 views

CVE-2026-44160 Fluentd: Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...

7.5CVSS7AI score0.0062EPSS
Exploits0References6
Cvelist
Cvelist
added last week36 views

CVE-2026-44025 Fluentd: Exposure of Sensitive Information via Monitor Agent API

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related...

7.5CVSS0.00482EPSS
Exploits0References4
OSV
OSV
added last week3 views

CVE-2026-44025 Fluentd: Exposure of Sensitive Information via Monitor Agent API

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related...

7.5CVSS7AI score0.00482EPSS
Exploits0References6
CVE
CVE
added last week58 views

CVE-2026-44025

CVE-2026-44025 affects Fluentd’s Monitor Agent in_monitor_agent. Prior to version 1.19.3, the REST API responses (e.g., /api/plugins.json) could expose internal metrics and plugin information that may contain sensitive data such as database passwords, API keys, or cloud credentials. The issue is ...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References4
CVE
CVE
added last week92 views

CVE-2026-44024

CVE-2026-44024 affects Fluentd. The issue arises when file paths are dynamically constructed via the ${tag} placeholder in configurations (notably in the out_file plugin). Insufficient validation of ${tag} with untrusted tags can introduce path traversal, enabling an attacker to write or overwrit...

9.8CVSS7.6AI score0.01085EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week36 views

CVE-2026-44024 Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the $tag placeholder, and insufficient validation of $tag in file configurations such as the path...

9.8CVSS0.01085EPSS
Exploits0References4
OSV
OSV
added last week2 views

CVE-2026-44024 Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the $tag placeholder, and insufficient validation of $tag in file configurations such as the path...

9.8CVSS7.3AI score0.01085EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/06/30 8:22 p.m.6 views

GHSA-PR7J-96CJ-549H vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, kube-fluentd-operator, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/30 8:22 p.m.7 views

GHSA-72F5-RR8C-R6GR vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, kube-fluentd-operator, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/30 8:22 p.m.11 views

GHSA-44HJ-4M45-FRJ3 vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, kube-fluentd-operator, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/30 8:22 p.m.7 views

CVE-2026-44161 vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, kube-fluentd-operator, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

7.2CVSS7AI score0.00442EPSS
Exploits0
Rows per page
Query Builder