Lucene search

4558 matches found

Vulnrichment
added 2026/03/06 7:11 a.m. | 2 views

CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | AI score 5.8 | EPSS 0.23305
Exploits 0 | References 2
OSV
added 2026/03/06 7:11 a.m. | 3 views

CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | AI score 5.8 | EPSS 0.23305
Exploits 0 | References 4
Positive Technologies
added 2026/03/06 12:0 a.m. | 0 views

PT-2026-23658

Name of the Vulnerable Software and Affected Versions: Windmill versions prior to 1.603.3. Description: Windmill is a developer platform for internal code, including APIs, background jobs, workflows, and UIs. A path traversal issue exists in the get log file API endpoint "/api/w/workspace/jobs u/get...

CVSS 6.9 | AI score 5.9 | EPSS 0.23305
Exploits 0 | References 12
CNNVD
added 2026/03/06 12:0 a.m. | 6 views

WindMill path traversal vulnerability

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

CVSS 7.5 | AI score 7.5 | EPSS 0.23305
Exploits 0 | References 3
RedhatCVE
added 2026/03/04 7:45 p.m. | 1 views

CVE-2026-1265

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive information in a log file...

CVSS 5.3 | AI score 5.9 | EPSS 0.00039
Exploits 0 | References 1
Snyk
added 2026/03/04 6:29 p.m. | 1 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process. An attacker can obtain sensitive S3 access credentials by accessing the pod's logs. Remediation: Upgrade github.com/rancher/backup-restore-operator/pkg/objectstore ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 2
Cvelist
added 2026/03/03 7:42 p.m. | 26 views

CVE-2026-1265 IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive information in a log file...

CVSS 4.3 | EPSS 0.00039
Exploits 0 | References 1
RedhatCVE
added 2026/02/28 1:54 a.m. | 3 views

CVE-2026-28211

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVSS 7.8 | AI score 6.5 | EPSS 0.0001
Exploits 0 | References 1
NVD
added 2026/02/26 11:16 p.m. | 6 views

CVE-2026-28211

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVSS 7.8 | EPSS 0.0001
Exploits 0 | References 3
Snyk
added 2026/02/26 10:48 p.m. | 0 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the http.Error function. An attacker can obtain sensitive database credentials by triggering database errors through authenticated HTTP requests. Remediation: Upgrade...

CVSS 7.1 | AI score 6
Exploits 0 | References 3
Snyk
added 2026/02/26 10:48 p.m. | 3 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the http.Error function. An attacker can obtain sensitive database credentials by triggering database errors through authenticated HTTP requests. Remediation: Upgrade...

CVSS 7.1 | AI score 6
Exploits 0 | References 3
Snyk
added 2026/02/26 10:48 p.m. | 1 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the http.Error function. An attacker can obtain sensitive database credentials by triggering database errors through authenticated HTTP requests. Remediation: Upgrade...

CVSS 7.1 | AI score 6
Exploits 0 | References 3
CVE
added 2026/02/26 10:29 p.m. | 14 views

CVE-2026-28211

The CVE affects the NVDA Dev & Test Toolbox add-on (Log Reader feature) with versions 2.0–8.0. Reading a crafted log file via log reading commands triggers unsafe evaluation of Python expressions embedded in log entries, allowing attacker-controlled code to execute with the current user’s privile...

CVSS 7.8 | AI score 6.5 | EPSS 0.0001
Exploits 0 | References 3
Cvelist
added 2026/02/26 10:29 p.m. | 25 views

CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVSS 7.8 | EPSS 0.0001
Exploits 0 | References 3
ATTACKERKB
added 2026/02/26 10:29 p.m. | 2 views

CVE-2026-28211

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVSS 7.8 | AI score 6.4 | EPSS 0.0001
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/02/26 10:29 p.m. | 4 views

CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVSS 7.8 | AI score 6.5 | EPSS 0.0001
Exploits 0 | References 5
GithubExploit
added 2026/02/26 5:28 p.m. | 141 views

Exploit for CVE-2026-2636

CVE-2026-2636: CLFS.sys Unrecoverable State Leading to BSoD !...

CVSS 5.5 | AI score 5.6 | EPSS 0.00057
Exploits 2
Snyk
added 2026/02/26 3:13 a.m. | 1 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

CVSS 7.7 | AI score 5.9 | EPSS 0.00014
Exploits 0 | References 2
Snyk
added 2026/02/26 3:13 a.m. | 1 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

CVSS 7.7 | AI score 5.9 | EPSS 0.00014
Exploits 0 | References 2
Snyk
added 2026/02/26 3:13 a.m. | 0 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

CVSS 7.7 | AI score 5.9 | EPSS 0.00014
Exploits 0 | References 2