25160 matches found
CVE-2026-43938
Summary (supported): CVE-2026-43938 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5 and 3.2.12. The database logger captures the request’s User-Agent into a JSON object and stores it in EventLog.Description. When an admin views the EventLog, the code deserializes that JSON and interpolates t...
Malicious code in 88q (npm)
Source: amazon-inspector cb830829cae1605ff7626653a2470db03cd5a5aab98b3f0a7f5912eaf244561b The main entrypoint index.js runs an IIFE at require time that monkey-patches the global console.warn and console.error methods. After the override,...
MAL-2026-3676 Malicious code in 88q (npm)
Source: amazon-inspector cb830829cae1605ff7626653a2470db03cd5a5aab98b3f0a7f5912eaf244561b The main entrypoint index.js runs an IIFE at require time that monkey-patches the global console.warn and console.error methods. After the override,...
Malicious code in 66o (npm)
Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy (index.js:36-73) that intercepts console.error/info/warn calls anywhere in the hos...
MAL-2026-3674 Malicious code in 66o (npm)
Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy (index.js:36-73) that intercepts console.error/info/warn calls anywhere in the hos...
Ivanti Secure Access Client Security Vulnerability
Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Vulnerabilities existed in versions of Ivanti Secure Access Client prior to 22.8R6. These vulnerabilities were due to improper permission allocation for critical resources, which could allow locall...
Fortinet FortiDeceptor Argument Injection Vulnerability
Fortinet FortiDeceptor is a network threat detection platform developed by the American company Fortinet. This platform primarily uses deception techniques to uncover network threats. Versions of Fortinet FortiDeceptor, ranging from 6.0.0 to 6.0.2, 5.3.0 to 5.3.3, 5.2.0 to 5.2.1, all versions...
Cribl Security Vulnerability
Cribl is a log analysis tool. Versions of Cribl prior to 4.17.1 have security vulnerabilities. There is currently no information regarding these vulnerabilities. Please stay informed by following CNNVD or the vendor’s announcements...
Cribl Security Vulnerability
Cribl is a log analysis tool developed by Cribl Inc. Versions of Cribl prior to 4.17.1 contained security vulnerabilities. There is currently no information regarding these vulnerabilities. Please stay informed by following CNNVD or the vendor’s announcements...
Microsoft Windows Common Log File System Driver Security Vulnerability
The Microsoft Windows Common Log File System Driver is a high-performance, general-purpose log file system API provided by Microsoft. It allows specialized client applications to utilize this subsystem, enabling multiple clients to share it for optimized log access. There are security...
Flowsint Access Control Error Vulnerability
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained an access control vulnerability. This vulnerability stemmed from ineffective access control, which could allow unauthorized users to read log data of other users...
PT-2026-40038
Name of the Vulnerable Software and Affected Versions: Ivanti Secure Access Client versions prior to 22.8R6. Description: An incorrect permission assignment for a critical resource allows a local authenticated user to read or modify sensitive log data. This is possible through write access to a shar...
PT-2026-40212
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-40114
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...
Cisco Prime Infrastructure Information Disclosure (cisco-sa-pi-unauth-infodiscl-LFnLgmey)
The version of Cisco Prime Infrastructure installed on the remote host is prior to Migrate to a fixed release.. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-pi-unauth-infodiscl-LFnLgmey advisory. - A vulnerability in the log file download functionality of Cisco Prim...
PT-2026-40220
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...
Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Gryph implements logging levels that determine what content is logged to a local SQLite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview,...
EUVD-2026-29111
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...
CVE-2026-36906
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...