76 matches found
CVE-2025-68609
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible...
CVE-2025-68609
The connected records confirm CVE-2025-68609 affects Palantir’s Aries service running on Apollo instances, with unauthenticated access to log viewing/management when default configuration is used. The root issue is a bypass of authentication and authorization checks, potentially enabling any netw...
CVE-2025-68609 Authentication bypass in Aries due to misconfiguration
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible...
CVE-2026-22265
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
CVE-2026-22265
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
CVE-2026-22265
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
Roxy-WI operating system command injection vulnerability
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.8.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the log viewing feature’s ability to allow command...
PT-2026-3072
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
CVE-2025-60936
CVE-2025-60936 affects Emoncms 11.7.3. The issue is a cross-site scripting flaw in the input handling mechanism that, when an authenticated API user views application logs, allows injecting JavaScript for execution in the admin context. Root cause and impact are described across multiple sources ...
EUVD-2015-7168
Malware in sbrugna...
EUVD-2015-0285
Malware in sbrugna...
EUVD-2017-13013
Malware in sbrugna...
EUVD-2017-8074
Malware in sbrugna...
PT-2025-35709
Name of the Vulnerable Software and Affected Versions: versions not specified Description: Users with webhook permissions can conduct Server-Side Request Forgery SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. This allows...
CVE-2015-7237
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent MA 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors...
PT-2024-17383 · Crushftp · Crushftp
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper input handling in the 'Host Header', allowing an unauthenticated attacker to store a payload in web application logs. When a...
CVE-2024-33860
Summary : CVE-2024-33860 affects Logpoint before 7.4.0. A Local File Inclusion (LFI) issue arises when an arbitrary file path is used in the File System Collector, allowing the contents of the specified file to appear in incoming logs. Impact : exposes file contents through log data; scope restri...
POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API
Description The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to...
CVE-2023-38065
CVE-2023-38065 concerns JetBrains TeamCity before 2023.05.1, where a stored XSS vulnerability exists when viewing the build log. Sources (CNVD, Red Hat, Nessus and others) describe the issue as caused by incorrect validation of user-supplied input in the build log and confirm the vulnerability is...
CVE-2023-31437
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...