335 matches found

NVD
added last week | 10 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | EPSS 0.00025
Exploits: 0 | References: 2
ATTACKERKB
added last week | 6 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 3
Vulnrichment
added last week | 6 views

CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 2
EUVD
added last week | 9 views

EUVD-2026-33272

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 2
RedhatCVE
added last week | 9 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/08 6:58 p.m. | 5 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

CVSS 5.3 | AI score 5.7 | EPSS 0.00081
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/04/23 2:31 p.m. | 2 views

GHSA-PFM2-2MHG-8WPX n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact: When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

CVSS 5.3 | AI score 5.7 | EPSS 0.00081
Exploits: 0 | References: 4
CNVD
added 2026/04/16 12:0 a.m. | 1 views

IBM Tivoli Netcool Impact Log Information Disclosure Vulnerability

IBM Tivoli Netcool Impact is a suite of network management software from International Business Machines (IBM). The software can automate business-critical functions and provides a platform for unified access to real-time data, events and indicators. IBM Tivoli Netcool Impac...

CVSS 8.4 | AI score 5.4 | EPSS 0.00014
Exploits: 0
CNVD
added 2026/04/15 12:0 a.m. | 2 views

Schneider Electric PowerChute Serial Shutdown Log Message Disclosure Vulnerability

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. Schneider Electric PowerChute Serial Shutdown suffers from a log information disclosure vulnerability that can be exploited by an attacker to cause a W...

CVSS 5 | AI score 5.3 | EPSS 0.00015
Exploits: 0
CNNVD
added 2026/04/14 12:0 a.m. | 3 views

Schneider Electric PowerChute Serial Shutdown Log Information Disclosure Vulnerability

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. Schneider Electric PowerChute Serial Shutdown suffers from a log information disclosure vulnerability that can be exploited by an attacker to cause a W...

CVSS 5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 1
CNNVD
added 2026/04/08 12:0 a.m. | 2 views

IBM Tivoli Netcool Impact Log Information Disclosure Vulnerability

IBM Tivoli Netcool Impact is a suite of network management software from International Business Machines (IBM). The software can automate business-critical functions and provides a platform for unified access to real-time data, events and indicators. IBM Tivoli Netcool Impac...

CVSS 8.4 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 1
CNVD
added 2026/03/09 12:0 a.m. | 4 views

Apache Airflow Log Message Disclosure Vulnerability

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow has a log information disclosure vulnerability. An...

CVSS 6.5 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 1
CNNVD
added 2026/03/03 12:0 a.m. | 2 views

IBM InfoSphere Information Server Log Information Disclosure Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. A log information disclosure vulnerability exists in IBM InfoSphere Information Server that...

CVSS 5.3 | AI score 5.7 | EPSS 0.00039
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/10 10:53 a.m. | 2 views

CVE-2025-11537 Keycloak-server: sensitive headers shown in the http access logs

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

CVSS 5 | AI score 5.5 | EPSS 0.00006
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/03 12:0 a.m. | 1 views

PT-2026-6470

Summary: RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive...

CVSS 6.9 | AI score 5.5
Exploits: 0 | References: 3
CNVD
added 2026/01/30 12:0 a.m. | 2 views

IBM Aspera Console Log Message Disclosure Vulnerability

IBM Aspera Console is a Web-based application from International Business Machines (IBM). It allows users to centrally manage, monitor and control Aspera servers nodes and transports. IBM Aspera Console suffers from a log information disclosure vulnerability that originates from the storage of...

CVSS 4.9 | AI score 5.6 | EPSS 0.00049
Exploits: 0 | References: 1
CNNVD
added 2026/01/20 12:0 a.m. | 2 views

IBM Aspera Console Log Information Disclosure Vulnerability

IBM Aspera Console is a Web-based application from International Business Machines (IBM). It allows users to centrally manage, monitor and control Aspera servers nodes and transports. IBM Aspera Console suffers from a log information disclosure vulnerability that originates from the storage of...

CVSS 4.9 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003278)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003278 advisory. The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon ...

CVSS 5.5 | AI score 7 | EPSS 0.00082
Exploits: 0 | References: 11
CNNVD
added 2026/01/13 12:0 a.m. | 2 views

Microsoft Windows Kernel Log Information Disclosure Vulnerability

Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation (USA). A log information disclosure vulnerability exists in Microsoft Windows Kernel. An attacker exploiting this vulnerability could gain access to sensitive information. The following products and...

CVSS 6.2 | AI score 5.8 | EPSS 0.00056
Exploits: 0 | References: 1
CNNVD
added 2026/01/12 12:0 a.m. | 0 views

hermes Log Information Disclosure Vulnerability

Hermes is a workflow platform open-sourced by Automated Software Metadata Publication. A log information disclosure vulnerability exists in hermes version 0.8.1 through versions prior to 0.9.1, which stems from the hermes subcommand logging arbitrary options in raw form under the -O parameter,...

CVSS 5.9 | AI score 6 | EPSS 0.00007
Exploits: 0 | References: 3