CVE-2026-28221
CVE-2026-28221 – Wazuh pre-auth stack-based buffer overflow is confirmed in wazuh-remoted’s print_hex_string(). From versions 4.8.0 to before 4.14.4, attacker-controlled bytes are formatted with sprintf(dst_buf + 2*i, "%.2x", src_buf[i]) on signed-char platforms, causing sign-extension and an out...
CVE-2026-26204 Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...
CVE-2026-26204
Wazuh versions 1.0.0–4.14.3 are affected by a heap-based out-of-bounds write in GetAlertData that writes a NULL byte 1 byte before the start of the buffer allocated by strdup, due to an unsigned underflow. This corrupts heap metadata and can allow a compromised agent to cause denial of service or...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar
Summary: IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar. Vulnerability Details: CVEID: CVE-2026-24281. DESCRIPTION: Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or...
oci-utils security update
-- 0.14.0-21 - Update the debugging log file path. Orabug: 39250938...
Juniper Junos OS Multiple Vulnerabilities (JSA88135)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88135 advisory. - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer...
ProjeQtOr Path Traversal Vulnerability
ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain a path traversal vulnerability. This vulnerability stems from the lack of validation of the directory traversal sequence in the logname parameter of the...
Insertion of Sensitive Information into Log File
Overview: n8n-mcp is an integration between n8n workflow automation and Model Context Protocol (MCP). Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the POST /mcp endpoint. An attacker can cause sensitive information such as bearer tokens, API...
Simply Static - Information Disclosure
Patrick Posner Simply Static versions up to 3.1.3 contain a vulnerability for insertion of sensitive information into log files caused by improper handling of log data, letting attackers potentially access sensitive information; exploitation requires no specific privileges. id: CVE-2024-32825 info:...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the collaborator websocket feed, which broadcasts raw request headers, including sensitive authorization data, before access control is enforced. An attacker can gain unauthorized...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the collaborator websocket feed, which broadcasts raw request headers, including sensitive authorization data, before access control is enforced. An attacker can gain unauthorized...
Below Log File Symlink Privilege Escalation
This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0. ...
CVE-2026-23775
Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access...
CVE-2026-23775
Affected product/versions: Dell PowerProtect Data Domain appliances running DD OS Feature Release 8.0–8.5 and LTS2025 8.3.1.0–8.3.1.10. Vulnerability and root cause: In DD OS, an insertion of sensitive information into a log file. The provided documents do not specify the exact code path but indi...
CVE-2026-23775
Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access...
PT-2026-33428
Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access...
Apache Tomcat 10.1.22 < 10.1.54 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.54. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.54_security-10 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusteri...
EUVD-2025-209506
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...
CVE-2025-43937
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...
CVE-2025-43937
CVE-2025-43937 affects Dell PowerScale OneFS prior to 9.12.0.0. The flaw is an insertion of sensitive information into log files, enabling a low-privileged, local attacker to disclose certain user credentials and potentially access the vulnerable application using the compromised account’s privil...