CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

144 matches found

EUVD-2026-36041

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS

Exploits0References1

NVD•added 2026/06/01 9:16 a.m.•14 views

CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS0.00665EPSS

Exploits0References3

EUVD•added 2026/05/22 1:15 p.m.•7 views

EUVD-2026-31438

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

7.5CVSS5.8AI score0.00284EPSS

Exploits0References1

ATTACKERKB•added 2026/05/22 1:15 p.m.•3 views

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

7.5CVSS5.8AI score0.00284EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в tomcat9

A vulnerability in the cloud membership component of Apache Tomcat, where sensitive information was inserted into log files, exposed the Kubernetes bearer token. This issue affects Apache Tomcat versions: 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.13 through 9.0.116. Users are...

7.5CVSS5.4AI score0.00447EPSS

Exploits0References1

EUVD•added 2026/04/17 9:31 a.m.•1 views

EUVD-2026-23392

Dell PowerProtect Data Domain appliances with Data Domain Operating System DD OS of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access...

7.6CVSS5.8AI score0.00326EPSS

Exploits0References2

Cvelist•added 2026/04/08 12:4 p.m.•15 views

CVE-2026-5301 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

7.6CVSS0.00276EPSS

Exploits0References3

ATTACKERKB•added 2026/02/06 5:46 p.m.•2 views

CVE-2026-24903

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

5.3CVSS5.8AI score0.00163EPSS

Exploits1References2Affected Software1

Tenable Nessus•added 2026/01/20 12:0 a.m.•4 views

MiracleLinux 8 : git-2.31.1-3.el8 (AXSA:2023-4991:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4991:01 advisory. git: gitattributes parsing integer overflow CVE-2022-23521 git: Heap overflow in git archive, git log --format leading to RCE CVE-2022-41903 Tenable...

9.8CVSS8.6AI score0.56334EPSS

Exploits0References3

CNNVD•added 2026/01/16 12:0 a.m.•2 views

Apple macOS security vulnerabilities

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.1 contained a security vulnerability caused by a log-related issue, which could allow applications access to sensitive user data...

5.5CVSS6.6AI score0.00147EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:22 a.m.•6 views

CVE-2021-31164

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...

7.5CVSS7AI score0.02283EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:48 a.m.•8 views

CVE-2022-31889

Cross Site Scripting XSS vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae...

6.1CVSS5.9AI score0.00651EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:17 a.m.•14 views

CVE-2025-23289

NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure...

5.5CVSS5.9AI score0.00124EPSS

Exploits0References1

OSV•added 2025/10/31 2:12 p.m.•7 views

OESA-2025-2560 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6CVSS7.8AI score0.73974EPSS

Exploits4References4

Vulnrichment•added 2025/10/14 3:23 p.m.•2 views

CVE-2025-31514

An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing log...

2.7CVSS6.2AI score0.00329EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-21196

Malware in sbrugna...

6.5CVSS6.5AI score0.00997EPSS

Exploits2References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-15209

Malware in sbrugna...

6.5CVSS5.7AI score0.00357EPSS

Exploits0References3