4556 matches found
PT-2026-43277
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...
CVE-2026-25193
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
CVE-2026-25193
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
CVE-2026-25193
Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...
Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016720)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016720 advisory. A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because...
CVE-2026-44052 LDAP simple-bind password exposure in log output
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...
How a Webmail Log File Became a Root-Level Backdoor
THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They found that clicking anywhere...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a null pointer dereference in the tracingerrlogopen function. The function does not call seqopen if the file is opened only with write permissions. This results in file-privatedata being left as null. If we then us...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the support packet generation process. An attacker can access sensitive credentials in plaintext by downloading a support packet from the System Console. This is only exploitable if t...
Insertion of Sensitive Information into Log File
Overview github.com/mattermost/mattermost-plugin-calls/server is a package that enables voice calling and screen sharing functionality in Mattermost channels Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the plugin configuration process. ...
Insertion of Sensitive Information into Log File
Overview dbt-mcp is an A MCP Model Context Protocol server for interacting with dbt resources. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the calltool process when file logging is enabled via the DBTMCPSERVERFILELOGGING setting. An...
CVE-2026-41465
ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal...
CVE-2026-40407
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-40397
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-29667
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-29659
Integer underflow wrap or wraparound in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-29549
An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...
CVE-2026-40397
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...