Lucene search
K

843 matches found

Cvelist
Cvelist
added 2026/06/12 8:57 a.m.29 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

0.0047EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:57 a.m.9 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3AI score0.0047EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:57 a.m.22 views

CVE-2026-50629

The CVE-2026-50629 issue affects Apache CXF’s OAuth2 server where the 'clientId' from HTTP requests is concatenated into log warning messages without sanitizing control characters. This creates log injection risk by allowing arbitrary content in logs. Root cause: unsanitized control characters in...

5.3CVSS5.4AI score0.0047EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/12 8:57 a.m.11 views

EUVD-2026-36397

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3CVSS5.3AI score0.0047EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48848

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3AI score0.0047EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.9 views

CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 6:16 p.m.14 views

CVE-2026-20260

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 5:16 p.m.10 views

EUVD-2026-36087

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:16 p.m.18 views

CVE-2026-20260

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker can inject ANSI escape codes into SOAR logs via specially crafted HTTP request paths. The root cause is that SOAR does not strip control characters from HTTP request paths before wr...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 5:16 p.m.28 views

CVE-2026-20260 Log Injection through HTTP Request Paths in Splunk SOAR

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Splunk SOAR 安全漏洞

Splunk SOAR is a security orchestration, automation, and response platform provided by Splunk Inc. Versions of Splunk SOAR prior to 8.5.0 contained a security vulnerability. This vulnerability stemmed from SOAR failing to strip control characters from the HTTP request path before writing...

4.3CVSS5.3AI score0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48439

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap line app/modules/common/common.py:181-186 and highlight word app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/06 4:28 a.m.8 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/06 4:28 a.m.8 views

CVE-2026-9016 Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 4:28 a.m.12 views

EUVD-2026-34960

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
CVE
CVE
added 2026/06/06 4:28 a.m.44 views

CVE-2026-9016

The CVE concerns the WordPress plugin Debug Log Manager (

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 1:26 a.m.15 views

EUVD-2026-34942

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS5.8AI score0.00338EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin Debug Log Manager – Conveniently Monitor and Inspect Errors 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

5.3CVSS5.4AI score0.00172EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...

6.9CVSS5.5AI score0.00186EPSS
Exploits0References1
Rows per page
Query Builder