Lucene search

88 matches found

NVD
added 2026/06/19 2:16 p.m., 8 views

CVE-2026-44046

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

CVSS 5.8 | EPSS 0.00314
Exploits: 0 | References: 2

EUVD
added 2026/06/19 1:9 p.m., 7 views

EUVD-2026-38014

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

CVSS 2.3 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/19 12:0 a.m., 11 views

PT-2026-50883

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 1.2.0 through 3.16.0. Description: A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...

CVSS 5.8 | AI score 5.9 | EPSS 0.00314
Exploits: 0 | References: 6

Snyk
added 2025/12/05 6:42 p.m., 3 views

Improper Output Neutralization for Logs

Overview: Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the unconditional acceptance of attacker-supplied HTTP headers in the getclientip function. An attacker can manipulate server-visible metadata, logs, and authorization decisions by supplying...

CVSS 6.9 | AI score 6.9 | EPSS 0.00236
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2009-1196

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.03628
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-4024

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.01196
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2016-3018

Malware in sbrugna...

CVSS 9.3 | AI score 9.4 | EPSS 0.02263
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2003-0382

Malware in sbrugna...

CVSS 4.6 | AI score 6.3 | EPSS 0.009
Exploits: 2 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 9 views

EUVD-2024-46269

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6 | EPSS 0.00298
Exploits: 0 | References: 15

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-19805

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00298
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-28865

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.1 | EPSS 0.01018
Exploits: 1 | References: 6

OSV
added 2025/08/22 6:8 p.m., 3 views

CLSA-2025-1755886078 tuned: Fix of CVE-2024-52337

CVE-2024-52337: sanitize API arguments to prevent log spoofing by both escaping ' characters and restricting newlines from being inserted...

CVSS 5.5 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/20 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-52337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequenc...

CVSS 5.5 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/06/23 5:11 p.m., 26 views

Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1

Summary: Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1. The vulnerabilities have been addressed in Data Protect 7.2.2_u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details: CVEID: CVE-2023-26118...

CVSS 8.6 | AI score 8.7 | EPSS 0.05276
Exploits: 4 | Affected Software: 1

Tenable Nessus
added 2025/06/16 12:0 a.m., 5 views

TencentOS Server 2: tuned (TSSA-2024:1049)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1049 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 5.5 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/05/21 9:30 a.m., 18 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with a known vulnerability (CVE-2024-52337)

Summary: The product includes multiple vulnerable components, e.g., framework libraries, that could be identified and exploited with automated tools. IBM has addressed the relevant CVE. Vulnerability Details: CVEID: CVE-2024-52337 DESCRIPTION: A log spoofing flaw was found in the Tuned package due to...

CVSS 5.5 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/05/14 12:0 a.m., 7 views

Alibaba Cloud Linux 3 : 0279: tuned (ALINUX3-SA-2024:0279)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0279 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-52337: A log spoofing flaw was found in th...

CVSS 5.5 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | References: 2

OpenVAS
added 2025/05/07 12:0 a.m., 3 views

Log Spoofing Source Routing and Redirect Packets

Logging spoofing, source routing, and redirect packets sent to the system helps discover attack sources and formulate protection measures. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...

AI score 7
Exploits: 0 | References: 3

RedHat Linux
added 2025/02/25 11:35 a.m., 3 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVSS 5.5 | AI score 5.7 | EPSS 0.00298
Exploits: 0 | References: 6

RedHat Linux
added 2025/02/25 7:26 a.m., 4 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVSS 5.5 | AI score 5.7 | EPSS 0.00298
Exploits: 0 | References: 6