Lucene search
+L

76 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/22 7:6 p.m.3 views

CVE-2025-68609

A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible...

6.6CVSS5.4AI score0.00368EPSS
Exploits0References2
CVE
CVE
added 2026/01/22 7:6 p.m.14 views

CVE-2025-68609

The connected records confirm CVE-2025-68609 affects Palantir’s Aries service running on Apollo instances, with unauthenticated access to log viewing/management when default configuration is used. The root issue is a bypass of authentication and authorization checks, potentially enabling any netw...

6.6CVSS5.6AI score0.00368EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 7:6 p.m.4 views

CVE-2025-68609 Authentication bypass in Aries due to misconfiguration

A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible...

6.6CVSS5.6AI score0.00368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/16 5:26 p.m.15 views

CVE-2026-22265

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS7.9AI score0.02117EPSS
Exploits1References1
NVD
NVD
added 2026/01/15 5:16 p.m.11 views

CVE-2026-22265

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS0.02117EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/15 4:27 p.m.2 views

CVE-2026-22265

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS6AI score0.02117EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.8 views

Roxy-WI operating system command injection vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.8.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the log viewing feature’s ability to allow command...

7.5CVSS6AI score0.02117EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.10 views

PT-2026-3072

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS7.9AI score0.02117EPSS
Exploits1References4
CVE
CVE
added 2025/10/24 12:0 a.m.19 views

CVE-2025-60936

CVE-2025-60936 affects Emoncms 11.7.3. The issue is a cross-site scripting flaw in the input handling mechanism that, when an authenticated API user views application logs, allows injecting JavaScript for execution in the admin context. Root cause and impact are described across multiple sources ...

6.1CVSS6.3AI score0.00178EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-7168

Malware in sbrugna...

5CVSS6.4AI score0.02754EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-0285

Malware in sbrugna...

4CVSS6.1AI score0.01676EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-13013

Malware in sbrugna...

5.9CVSS5.9AI score0.02474EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-8074

Malware in sbrugna...

6.1CVSS6.3AI score0.00652EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.10 views

PT-2025-35709

Name of the Vulnerable Software and Affected Versions: versions not specified Description: Users with webhook permissions can conduct Server-Side Request Forgery SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. This allows...

2.7CVSS6AI score0.00283EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 1:0 a.m.7 views

CVE-2015-7237

Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent MA 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors...

5CVSS6.6AI score0.02754EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.9 views

PT-2024-17383 · Crushftp · Crushftp

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper input handling in the 'Host Header', allowing an unauthenticated attacker to store a payload in web application logs. When a...

9.6CVSS6.2AI score0.00554EPSS
Exploits0References5
CVE
CVE
added 2024/05/07 12:0 a.m.66 views

CVE-2024-33860

Summary : CVE-2024-33860 affects Logpoint before 7.4.0. A Local File Inclusion (LFI) issue arises when an arbitrary file path is used in the File System Collector, allowing the contents of the specified file to appear in incoming logs. Impact : exposes file contents through log data; scope restri...

6.5CVSS6.9AI score0.00446EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/11 12:0 a.m.80 views

POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to...

9.8CVSS9.5AI score0.90339EPSS
Exploits6References1Affected Software1
CVE
CVE
added 2023/07/12 12:48 p.m.57 views

CVE-2023-38065

CVE-2023-38065 concerns JetBrains TeamCity before 2023.05.1, where a stored XSS vulnerability exists when viewing the build log. Sources (CNVD, Red Hat, Nessus and others) describe the issue as caused by incorrect validation of user-supplied input in the build log and confirm the vulnerability is...

5.4CVSS5.2AI score0.0104EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/13 5:15 p.m.6 views

CVE-2023-31437

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5.3CVSS6.7AI score0.00344EPSS
Exploits0References4
Rows per page
Query Builder