Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

MAL-2026-3674 Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

Ivanti Secure Access Client 安全漏洞

Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Vulnerabilities existed in versions of Ivanti Secure Access Client prior to 22.8R6. These vulnerabilities were due to improper permission allocation for critical resources, which could allow locall...

Fortinet FortiDeceptor 参数注入漏洞

Fortinet FortiDeceptor is a network threat detection platform developed by the American company Fortinet. This platform primarily exploits deceptive techniques to uncover network threats. Versions of Fortinet FortiDeceptor, ranging from 6.0.0 to 6.0.2, 5.3.0 to 5.3.3, 5.2.0 to 5.2.1, all versions...

Cribl 安全漏洞

Cribl is a log analysis tool. Versions of Cribl prior to 4.17.1 have security vulnerabilities. There is currently no information regarding these vulnerabilities. Please stay informed by following CNNVD or the vendor’s announcements...

PT-2026-40220

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

Cribl 安全漏洞

Cribl is a log analysis tool developed by Cribl Inc. Versions of Cribl prior to 4.17.1 contained security vulnerabilities. There is currently no information regarding these vulnerabilities. Please stay informed by following CNNVD or the vendor’s announcements...

Microsoft Windows Common Log File System Driver 安全漏洞

The Microsoft Windows Common Log File System Driver is a high-performance, general-purpose log file system API provided by Microsoft. It allows specialized client applications to utilize this subsystem, enabling multiple clients to share it for optimized log access. There are security...

Flowsint 访问控制错误漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a access control vulnerability. This vulnerability stemmed from ineffective access control, which could allow unauthorized users to read log data of other users...

PT-2026-40114

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...

PT-2026-40038

Name of the Vulnerable Software and Affected Versions Ivanti Secure Access Client versions prior to 22.8R6 Description An incorrect permission assignment for a critical resource allows a local authenticated user to read or modify sensitive log data. This is possible through write access to a shar...

PT-2026-40212

Integer underflow wrap or wraparound in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

Cisco Prime Infrastructure Information Disclosure (cisco-sa-pi-unauth-infodiscl-LFnLgmey)

The version of Cisco Prime Infrastructure installed on the remote host is prior to Migrate to a fixed release.. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-pi-unauth-infodiscl-LFnLgmey advisory. - A vulnerability in the log file download functionality of Cisco Prim...

Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview,...

EUVD-2026-29111

Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...

CVE-2026-36906

Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...

GHSA-3JH5-RR2Q-XFV7 Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

CVE-2026-34088 RecentChanges entries expose suppressed content via generated log page html

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34088

CVE-2026-34088 (MediaWiki) is a disclosed exposure vulnerability affecting MediaWiki versions before 1.43.7, 1.44.4, and 1.45.2. The connected sources confirm a broad vulnerability family in MediaWiki leading to information disclosure to unauthorized actors. Debian’s advisory DSA-6208-1 notes mul...