Lucene search
K

64 matches found

NVD
NVD
added 2026/07/01 6:16 p.m.5 views

CVE-2026-49091

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:21 p.m.29 views

CVE-2026-49091

CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...

8CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 5:21 p.m.50 views

CVE-2026-49091 Improper Output Neutralization for Logs in Kibana Leading to Log Injection

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 9:16 a.m.11 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 8:4 a.m.17 views

CVE-2026-10745

CVE-2026-10745 affects upKeeper Solutions a.k.a. upKeeper Instant Privilege Access on Windows, vulnerable through version 1.6.1. Root cause: improper output neutralization in logs (log injection/tampering/forging). Reported impact per metrics indicates high risk for subsequent system confidential...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:4 a.m.36 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51738

Name of the Vulnerable Software and Affected Versions upKeeper Instant Privilege Access versions prior to 1.6.2 Description Improper output neutralization for logs in upKeeper Instant Privilege Access on Windows enables Log Injection, Tampering, and Forging. This occurs when the application fails...

7.9CVSS5.8AI score0.00264EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/19 9:39 p.m.5 views

CVE-2026-56082 Supabase - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC

Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.recordbuildtime, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...

8.7CVSS6AI score0.00242EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 9:39 p.m.23 views

CVE-2026-56082

Capgo (Cap-go/capgo) prior to 12.128.2 has an improper access control in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is accessible to anon and can be called with the public Supabase publishable anon key. An unauthenticated attacker can insert into public.build_logs...

8.7CVSS6AI score0.00242EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS 2.0 SP11 : aide (EulerOS-SA-2026-1569)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...

6.2CVSS5.9AI score0.00216EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP11 : aide (EulerOS-SA-2026-1597)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...

6.2CVSS5.9AI score0.00216EPSS
Exploits2References3
Hacker One
Hacker One
added 2026/03/04 12:47 p.m.15 views

curl: In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure.

Summary: This vulnerability arises because curl fails to validate the contents of the username when constructing OAuth2 authentication messages. Depending on the server-side implementation, this could lead to log tampering or credential spoofing. Affected version curl 8.18.0...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/10 12:54 p.m.4 views

nodejs: Nodejs filesystem permissions bypass

A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-on...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References5
CNVD
CNVD
added 2026/02/05 12:0 a.m.6 views

TeamViewer DEX Client Input Validation Error Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. An input validation error vulnerability exists in TeamViewer DEX Client versions prior to 26.1, which stems from a lack of validation of user control values in Content Distribution...

6.5CVSS5.8AI score0.00696EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.0 : aide (EulerOS-SA-2026-1153)

According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability...

6.2CVSS5.9AI score0.00216EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/01/30 10:10 a.m.8 views

CVE-2026-23566

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. Th...

6.5CVSS5.9AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/01/29 9:16 a.m.5 views

CVE-2026-23566

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. Th...

6.5CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/29 8:50 a.m.31 views

CVE-2026-23570 Log timestamp tampering vulnerability in Content Distribution Service

A missing validation of a user-controlled value in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged o...

6.5CVSS0.00696EPSS
Exploits0References1
CVE
CVE
added 2026/01/29 8:50 a.m.17 views

CVE-2026-23570

The CVE-2026-23570 vulnerability affects the TeamViewer DEX Client (former 1E Client) Content Distribution Service, specifically NomadBranch.exe prior to version 26.1 on Windows. It arises from missing validation of a user-controlled value, allowing an adjacent network attacker to tamper with log...

6.5CVSS5.9AI score0.00696EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/29 8:46 a.m.3 views

EUVD-2026-4984

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. Th...

6.5CVSS5.9AI score0.00168EPSS
Exploits0References1
Rows per page
Query Builder