49 matches found

NVD
added 2026/05/08 4:16 p.m. | 6 views

CVE-2026-34354

Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

CVSS 7.4 | EPSS 0.00015
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/04 12:0 a.m. | 1 view

RHCOS 4 : OpenShift Container Platform 4.17.16 (RHSA-2025:1122)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:1122 advisory.
- cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting (CVE-2025-0750)
Note that Nessus has not tested for this...

CVSS 6.6 | AI score 7.1 | EPSS 0.00054
Exploits: 0 | References: 5

Cvelist
added 2026/03/18 11:26 p.m. | 19 views

CVE-2026-32743 PX4 Autopilot: Stack-based Buffer Overflow via Oversized Path Input in MAVLink Log Request Handling

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

CVSS 6.5 | EPSS 0.0001
Exploits: 3 | References: 2

CVE
added 2025/11/06 8:12 p.m. | 6 views

CVE-2025-12486

CVE-2025-12486 covers a cross-site scripting/remote code execution vulnerability in Heimdall Data Database Proxy. The flaw arises from improper validation of user-supplied data in the handling of database event logs, enabling arbitrary script injection and allowing an attacker to execute code in ...

CVSS 8.8 | AI score 7.1 | EPSS 0.00238
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 1:23 p.m. | 4 views

CVE-2022-50562 tpm: acpi: Call acpi_put_table() to fix memory leak

In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak. The start and length of the event log area are obtained from TPM2 or TCPA table, so we call acpi_get_table() to get the ACPI information, but the acpi_get_table() should be coupled with...

EPSS 0.00032
Exploits: 0 | References: 5

OSV
added 2025/10/22 1:23 p.m. | 2 views

CVE-2022-50562 tpm: acpi: Call acpi_put_table() to fix memory leak

In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak. The start and length of the event log area are obtained from TPM2 or TCPA table, so we call acpi_get_table() to get the ACPI information, but the acpi_get_table() should be coupled with...

AI score 6.5 | EPSS 0.00032
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-7051

Malware in sbrugna...

CVSS 5.3 | AI score 6.6 | EPSS 0.00147
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-21311

Malware in sbrugna...

CVSS 6.1 | AI score 5 | EPSS 0.00103
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-4596

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00512
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/08 12:0 a.m. | 7 views

PT-2025-43997

Name of the Vulnerable Software and Affected Versions:
- Apache Tomcat versions 8.5.60 through 8.5.100
- Apache Tomcat versions 9.0.40 through 9.0.108
- Apache Tomcat versions 10.1.0-M1 through 10.1.44
- Apache Tomcat versions 11.0.0-M1 through 11.0.10
Description: Tomcat did not properly handle ANSI escap...

CVSS 10 | AI score 7.3 | EPSS 0.944
Exploits: 104 | References: 143

OSV
added 2025/09/05 12:40 p.m. | 2 views

OESA-2025-2112 aide security update

Security Fixes: A vulnerability was found in AIDE up to 0.19.1 and classified as problematic. Using CWE to declare the problem leads to CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs. Impacted is integrity. Upgrading to version 0.19.2 eliminates th...

CVSS 6.2 | AI score 6.3 | EPSS 0.00026
Exploits: 2 | References: 3

OSV
added 2025/09/05 12:39 p.m. | 1 view

OESA-2025-2111 aide security update

Security Fixes: A vulnerability was found in AIDE up to 0.19.1 and classified as problematic. Using CWE to declare the problem leads to CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs. Impacted is integrity. Upgrading to version 0.19.2 eliminates th...

CVSS 6.2 | AI score 6.3 | EPSS 0.00026
Exploits: 2 | References: 3

OSV
added 2025/09/05 12:39 p.m. | 1 view

OESA-2025-2108 aide security update

Security Fixes: A vulnerability was found in AIDE up to 0.19.1 and classified as problematic. Using CWE to declare the problem leads to CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs. Impacted is integrity. Upgrading to version 0.19.2 eliminates th...

CVSS 6.2 | AI score 6.3 | EPSS 0.00026
Exploits: 2 | References: 3

CNNVD
added 2025/07/11 12:0 a.m. | 2 views

Osc Open OnDemand Security Vulnerability

Osc Open OnDemand is an application from the Osc open source organization in the United States. It provides a for accessing HPC services. A security vulnerability exists in Osc Open OnDemand versions prior to 3.1.14 and prior to 4.0.6 that stems from improper log handling and could lead to a deni...

CVSS 5.4 | AI score 6.4 | EPSS 0.00259
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 5:36 a.m. | 2 views

CVE-2014-7174

FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature...

CVSS 5.3 | AI score 7 | EPSS 0.00147
Exploits: 1 | References: 1

Fedora
added 2025/05/17 2:2 a.m. | 8 views

[SECURITY] Fedora 42 Update: syslog-ng-4.8.2-1.fc42

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features:
- receive and send RFC3164 and RFC5424 style syslog messages
- work with any kind of unstructured data
- receive and...

CVSS 7.5 | AI score 7.7 | EPSS 0.00507
Exploits: 1

Japan Vulnerability Notes
added 2025/05/15 9:11 a.m. | 4 views

Multiple vulnerabilities in a-blog cms

Overview: a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
- Path traversal (CWE-22) - CVE-2025-27566: This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege
- Cross-site scripting (CWE-79)...

CVSS 9.8 | AI score 6.6 | EPSS 0.00468
Exploits: 0 | References: 10

Veracode
added 2025/03/11 7:30 a.m. | 4 views

Log Injection

Envoy Gateway is vulnerable to Log Injection. The vulnerability is due to improper log handling due to the use of a default Envoy Proxy access log configuration, allowing attackers to craft user-agent strings that inject and overwrite fields in the access log...

CVSS 5.3 | AI score 6.6 | EPSS 0.00358
Exploits: 0 | References: 7 | Affected Software: 1

RedHat Linux
added 2025/02/11 11:42 a.m. | 4 views

cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting

A vulnerability was found in CRI-O. A path traversal issue in the log management functions UnMountPodLogs and LinkContainerLogs may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system...

CVSS 6.6 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 4

Veracode
added 2025/01/31 5:14 a.m. | 3 views

Symbolic Link Attack

github.com/golang/glog is vulnerable to symbolic link attack. The vulnerability is due to improper log file handling, which allows logs to be written to a widely-writable directory and also allows an attacker to pre-create a symlink to a sensitive file, which a privileged process may then overwri...

CVSS 7.1 | AI score 7.1 | EPSS 0.00072
Exploits: 0 | References: 8 | Affected Software: 1