CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/04/17 12:0 a.m.•1 views

SUSE SLED15 / SLES15 Security Update : kea (SUSE-SU-2026:1378-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1378-1 advisory. Update to release 2.6.5: A large number of bracket pairs in a JSON payload directed to any endpoint would result in a...

7.5CVSS5.8AI score0.00011EPSS

RedhatCVE•added 2026/04/07 11:1 p.m.•1 views

CVE-2026-35171

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

PyPA•added 2026/04/06 6:16 p.m.•7 views

PYSEC-2026-72

9.8CVSS6.6AI score0.00202EPSS

Exploits0References1Affected Software1

NVD•added 2026/04/06 6:16 p.m.•3 views

CVE-2026-35171

9.8CVSS0.00202EPSS

OSV•added 2026/04/06 6:16 p.m.•4 views

PYSEC-2026-72

9.8CVSS6.6AI score0.00202EPSS

Vulnrichment•added 2026/04/06 5:45 p.m.•2 views

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

Cvelist•added 2026/04/06 5:45 p.m.•18 views

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

9.8CVSS0.00202EPSS

CVE•added 2026/04/06 5:45 p.m.•6 views

CVE-2026-35171

Kedro is affected by an RCE via unsafe use of logging.config.dictConfig() with user-controlled input. The vulnerability arises because Kedro can read a logging config path from the KEDRO_LOGGING_CONFIG environment variable and load it without validation, allowing the special () key to instantiate...

Exploits0References1Affected Software1

Github Security Blog•added 2026/04/03 3:48 a.m.•5 views

Kedro has Arbitrary Code Execution via Malicious Logging Configuration

Impact This is a critical remote code execution RCE vulnerability caused by unsafe use of logging.config.dictConfig with user-controlled input. Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging...

Exploits0References3Affected Software1

OSV•added 2026/04/03 3:48 a.m.•2 views

GHSA-9CQF-439C-J96R Kedro has Arbitrary Code Execution via Malicious Logging Configuration

CNNVD•added 2026/03/30 12:0 a.m.•2 views

Exploits0References3

HeidiSQL 安全漏洞

HeidiSQL is an open-source database management graphical interface tool developed by HeidiSQL. Version HeidiSQL 9.5.0.5196 contains a security vulnerability. This vulnerability stems from the file path field in the logging configuration file, which has a denial-of-service vulnerability. This coul...

6.9CVSS5.8AI score0.00017EPSS

Exploits1References4

RedhatCVE•added 2026/03/26 7:27 p.m.•3 views

CVE-2026-3112

A flaw was found in Mattermost. This vulnerability allows a system administrator to read arbitrary files on the host system. This is possible due to a failure to properly validate Advanced Logging file target paths, which can be exploited by providing a malicious AdvancedLoggingJSON configuration...

6.8CVSS5.9AI score0.0002EPSS

Exploits0References2

NVD•added 2026/03/22 2:16 p.m.•1 views

CVE-2019-25590

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...

6.9CVSS0.00006EPSS

Cvelist•added 2026/03/22 1:38 p.m.•22 views

CVE-2019-25590 Axessh 4.2 Denial of Service via Log File Name

6.9CVSS0.00006EPSS