279 matches found
EUVD-2025-10045
Malicious code in bioql PyPI...
EUVD-2022-2277
Malicious code in bioql PyPI...
EUVD-2024-3317
Malicious code in bioql PyPI...
EUVD-2025-13874
Malicious code in bioql PyPI...
EUVD-2024-0682
Malicious code in bioql PyPI...
EUVD-2025-19760
Malicious code in bioql PyPI...
EUVD-2025-29412
Malicious code in bioql PyPI...
EUVD-2024-0497
Malicious code in bioql PyPI...
EUVD-2022-0790
Malicious code in bioql PyPI...
EUVD-2023-2058
Malicious code in bioql PyPI...
EUVD-2022-4096
Malicious code in bioql PyPI...
EUVD-2022-2137
Malicious code in bioql PyPI...
EUVD-2023-1928
Malicious code in bioql PyPI...
CVE-2025-53106
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2025-53106
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2025-53106
Graylog grant path vulnerability affects versions 6.2.0–6.2.4 and 6.3.0-alpha.1–6.3.0-rc.2. A weak permission check in the REST API token creation process lets a user with an account issue crafted requests to create API tokens for high-privilege users (including local Administrator), enabling pri...
CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
Privilege Escalation
Graylog is vulnerable to Privilege Escalation. The vulnerability is due to insufficient permission checks due to a flaw in the Graylog REST API that allows authenticated users to create and use API tokens for other users, such as the local Administrator, if they know the target user's ID...