25148 matches found

EUVD
added 2026/06/03 10:16 a.m., 9 views

EUVD-2026-34070

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

CVSS 7.5, AI score 5.8, EPSS 0.0026
Exploits: 0, References: 2
CVE
added 2026/06/03 10:16 a.m., 16 views

CVE-2026-41032

The CVE-2026-41032 entry concerns Phoenix Contact CHARX SEC-3xxx charging controller firmware. Affected component: firmware on CHARX SEC-3xxx charging controllers. Vulnerability: an unauthenticated adjacent attacker can download log files from the controller, potentially exposing restricted infor...

CVSS 7.5, AI score 5.8, EPSS 0.0026
Exploits: 0, References: 2
Snyk
added 2026/06/03 8:24 a.m., 4 views

Improper Output Neutralization for Logs

Overview: morgan is an HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log stream without...

CVSS 6.9, AI score 5.5, EPSS 0.00245
Exploits: 0, References: 2
NVD
added 2026/06/03 8:16 a.m., 8 views

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVSS 5.3, EPSS 0.00245
Exploits: 0, References: 2
OSV
added 2026/06/03 8:16 a.m., 8 views

UBUNTU-CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVSS 5.3, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 4
Cvelist
added 2026/06/03 5:56 a.m., 40 views

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVSS 5.3, EPSS 0.00245
Exploits: 0, References: 2
EUVD
added 2026/06/03 5:56 a.m., 8 views

EUVD-2026-34067

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVSS 5.3, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/03 5:56 a.m., 4 views

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVSS 5.3, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/06/03 5:56 a.m., 5 views

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVSS 5.3, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 2
CVE
added 2026/06/03 5:56 a.m., 19 views

CVE-2026-5078

CVE-2026-5078 affects the morgan logging middleware; versions 1.2.0 through 1.10.1 write the Basic auth username from the Authorization header into logs without neutralizing CR/LF control characters, enabling log forgery. Affected formats include built-in combined, common, default, short, and any...

CVSS 5.3, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/06/03 12:30 a.m., 8 views

EUVD-2026-34040

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

AI score 5.8, EPSS 0.00263
Exploits: 0, References: 5
Tenable Nessus
added 2026/06/03 12:00 a.m., 7 views

MiracleLinux 8 : cockpit-310.8-1.el8_10.ML.1 (AXSA:2026-750:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-750:04 advisory. - cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI (CVE-2026-4802). Tenable has extracted the preceding description block directly...

CVSS 8, AI score 7.2, EPSS 0.00799
Exploits: 0, References: 2
Tenable Nessus
added 2026/06/03 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45977

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written insi...

CVSS 5.5, AI score 5.4, EPSS 0.00121
Exploits: 0, References: 2
Tenable Nessus
added 2026/06/03 12:00 a.m., 7 views

AlmaLinux 10 : cockpit (ALSA-2026:21676)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21676 advisory. - cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI (CVE-2026-4802). Tenable has extracted the preceding description block directly fr...

CVSS 8, AI score 7.2, EPSS 0.00799
Exploits: 0, References: 3
CNNVD
added 2026/06/03 12:00 a.m., 3 views

morgan security vulnerability

Morgan is an open-source HTTP request logging middleware developed by ExpressJS. Versions 1.2.0 to 1.10.1 of Morgan contain security vulnerabilities. These vulnerabilities stem from control characters in the :remote-user token not being escaped, which may lead to log manipulation...

CVSS 5.3, AI score 5.3, EPSS 0.00245
Exploits: 0, References: 2
Positive Technologies
added 2026/06/03 12:00 a.m., 7 views

PT-2026-46086

Summary: The HTTP handler / log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details: When browserstack-runner starts, it creates a...

CVSS 8.8, AI score 6.5, EPSS 0.00395
Exploits: 0, References: 5
Packet Storm News
added 2026/06/03 12:00 a.m., 4 views

NLLog: Lightweight, Explainable SOC Anomaly Detection Via Log-To-Language Rewriting

System-generated logs underpin security monitoring, yet their rigid template-based format hinders both automated analysis and human comprehension. We present NLLog (Natural-Language Log), a lightweight pipeline that deterministically rewrites parsed templates into WHO-WHAT-SEVERITY sentences, pools...

AI score 5.8
Exploits: 0
Positive Technologies
added 2026/06/03 12:00 a.m., 12 views

PT-2026-46016

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A heap buffer overflow (out-of-bounds write) exists in the persistent_ram_save_old function within the pstore/ram component. The issue occurs when the function is called multiple times for...

CVSS 7.8, AI score 5.5, EPSS 0.00136
Exploits: 0, References: 20
CNNVD
added 2026/06/03 12:00 a.m., 2 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pstore/ram module not properly updating old_log_size when it calls persistent_ram_save_old...

CVSS 7.8, AI score 5.7, EPSS 0.00136
Exploits: 0, References: 8
NVD
added 2026/06/02 11:16 p.m., 15 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVSS 5.3, EPSS 0.00263
Exploits: 0, References: 4