
34 matches found

CVE
added 2026/03/26 4:19 p.m. | 10 views

CVE-2026-26074

EVerest EV charging software stack has a data race in versions prior to 2026.02.0, causing possible corruption of map data structures (event_queue). The race is triggered over the network CSMS GetLog/UpdateFirmware request when an EVSE fault event is present, leading to concurrent access detected...

CVSS: 7 | AI score: 5.8 | EPSS: 0.0014
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/11 7:30 p.m. | 25 views

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple Mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

CVSS: 5.3 | EPSS: 0.00097
Exploits: 0 | References: 1
OSV
added 2026/03/11 12:37 a.m. | 3 views

GHSA-7Q3Q-5PX6-4C5P Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval

Impact: Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00097
Exploits: 0 | References: 6
RedhatCVE
added 2025/10/06 5:13 p.m. | 2 views

CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00525
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-51009

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00343
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-57674

Malicious code in bioql PyPI...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00548
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-57813

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.0057
Exploits: 0 | References: 1
Snyk
added 2025/10/02 9:15 p.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

CVSS: 7.1 | AI score: 7.6 | EPSS: 0.00525
Exploits: 1 | References: 2
Snyk
added 2025/10/02 9:15 p.m. | 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

CVSS: 7.1 | AI score: 7.4 | EPSS: 0.00525
Exploits: 1 | References: 2
OSV
added 2025/10/02 11:15 a.m. | 2 views

CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVSS: 6.5 | AI score: 6.8
Exploits: 0 | References: 1
Cvelist
added 2025/10/02 10:43 a.m. | 6 views

CVE-2025-54293 Path Traversal in LXD Instance Log File Retrieval

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVSS: 7.1 | EPSS: 0.00525
Exploits: 1 | References: 1
Debian CVE
added 2025/10/02 10:43 a.m. | 4 views

CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVSS: 7.1 | AI score: 5.6 | EPSS: 0.00525
Exploits: 1
CNNVD
added 2025/10/02 12:0 a.m. | 3 views

LXD security vulnerability

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD version 5.0 LTS, which stems from a path traversal in the log file retrieval function that could lead to reading arbitrary files on the host system...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.00525
Exploits: 1 | References: 2
Positive Technologies
added 2025/10/02 12:0 a.m. | 4 views

PT-2025-40340

Name of the Vulnerable Software and Affected Versions: Canonical LXD version 5.0 LTS. Description: An issue exists in the log file retrieval function that allows authenticated remote attackers to read arbitrary files on the host system. This occurs through crafted log file names or symbolic links. T...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00525
Exploits: 7 | References: 35
OSV
added 2025/07/28 7:57 p.m. | 2 views

GO-2025-3806 Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju

Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00315
Exploits: 1 | References: 4
CVE
added 2025/07/16 9:22 a.m. | 28 views

CVE-2025-6993

CVE-2025-6993 affects the Ultimate WP Mail plugin for WordPress (versions 1.0.17–1.3.6). The vulnerability arises from improper authorization in the get_email_log_details AJAX handler, which reads client-supplied post_id and returns the corresponding email log content (including the admin passwor...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00441
Exploits: 0 | References: 4 | Affected Software: 1
GitHub Security Blog
added 2025/07/09 3:30 p.m. | 7 views

Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization

Impact: Any user with a Juju account on a controller can read debug log messages from the /log endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. The log messages may contain sensitive information. Details: The /log endpoint ...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00315
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/07/09 3:30 p.m. | 6 views

GHSA-R64V-82FH-XC63 Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization

Impact: Any user with a Juju account on a controller can read debug log messages from the /log endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. The log messages may contain sensitive information. Details: The /log endpoint ...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00315
Exploits: 1 | References: 5
Vulnrichment
added 2025/07/08 4:47 p.m. | 2 views

CVE-2025-53512 Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00315
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 4:31 a.m. | 11 views

CVE-2023-5358

Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00548
Exploits: 0