PT-2026-29569

Name of the Vulnerable Software and Affected Versions CrnMaster versions prior to 2.2.0 Description CrnMaster is a Cronjob management UI. Prior to version 2.2.0, an authentication bypass exists in the middleware. When the middleware’s session-validation fetch fails, unauthenticated requests with ...

EUVD-2026-17507

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana...

CVE-2026-4819

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana...

CVE-2026-4819

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana...

Security Bulletin: Vulnerability in IBM Java, Websphere, OpenSSL, libcurl, and Apache Commons may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management

Summary IBM Spectrum Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management can be affected by logging and security vulnerabilities. This update improves reliability of Java object property handling, modern logging frameworks and...

PT-2026-29281

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana...

Unspecified Vulnerability in Apple macOS (CNVD-2026-19034)

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that stems from a logging issue that can be exploited by an attacker to cause an application to access sensitive user data...

EUVD-2018-21720

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...

CVE-2018-25231

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...

CVE-2018-25231

CVE-2018-25231 affects HeidiSQL 9.5.0.5196 where the SQL log file path in Preferences > Logging can be abused by supplying an excessively long file path, triggering a buffer-overflow and causing a local denial of service (application crash). The vulnerability arises from the input handling in ...

CVE-2018-25231 HeidiSQL 9.5.0.5196 Denial of Service via Preferences

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...

CVE-2018-25231 HeidiSQL 9.5.0.5196 Denial of Service via Preferences

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...

PT-2026-29017

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...

HeidiSQL 安全漏洞

HeidiSQL is an open-source database management graphical interface tool developed by HeidiSQL. Version HeidiSQL 9.5.0.5196 contains a security vulnerability. This vulnerability stems from the file path field in the logging configuration file, which has a denial-of-service vulnerability. This coul...

Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within NVRAM variabl...

EUVD-2026-16330

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

CVE-2026-0966

CVE-2026-0966 affects the libssh library with a buffer underflow in ssh_get_hexa() on invalid input. The issue occurs because ssh_get_hexa() is used by ssh_get_fingerprint_hash() and the deprecated ssh_print_hexa(), and also in gssapi logging. Remote triggering is possible when GSSAPI authenticat...

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...