Lucene search
K

9207 matches found

CVE
CVE
added 14 hours ago6 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 15 hours ago5 views

CVE-2026-9561

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 15 hours ago5 views

EUVD-2026-43636

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 16 hours ago87 views

Anchor CMS 0.12.3 - Error Log Exposure

Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred. id: CVE-2018-7251 info: name: Anchor CMS 0.12.3 ...

9.8CVSS7AI score0.72272EPSS
Exploits4References5
Nuclei
Nuclei
added 16 hours ago61 views

Autoptimize < 3.1.0 - Information Disclosure

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. id: CVE-2022-4057 info: name: Autoptimize 3.1.0 - Information Disclosure author: DhiyaneshDK severity: medium description: | The Autoptimize WordPress plugin before 3.1.0 uses...

5.3CVSS6.2AI score0.0146EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago41 views

WebTitan < 3.60 - Local File Inclusion

Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. dot dot in the fname parameter in a view action. id: CVE-2011-4640 info: name: WebTitan 3.60 - Local File Inclusion author: ctflearner severity:...

4CVSS6.2AI score0.07323EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago16 views

WordPress Hummingbird <= 3.18.0 - Sensitive Information Exposure via Log File

Hummingbird Performance WordPress plugin = 3.18.0 contains a sensitive information exposure caused by improper handling in the 'request' function, letting unauthenticated attackers extract sensitive data including Cloudflare API credentials, exploit requires no authentication. id: CVE-2025-14437...

7.5CVSS6.1AI score0.01986EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago102 views

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...

9.8CVSS7.4AI score0.70423EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago20 views

SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. id: CVE-2024-6846 info: name: SmartSearchWP = 2.4.4 - Unauthenticated Log Purge author: s4e-io severity: medium description: | Th...

5.3CVSS6.1AI score0.01263EPSS
Exploits1References2
EUVD
EUVD
added 23 hours ago4 views

EUVD-2026-43548

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-62328

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-62328

Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...

8.7CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday26 views

CVE-2026-61501 Rejetto HFS < 3.2.1 Stored XSS in Admin Log Viewer

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

6.1CVSS
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-22098

Technical details about CVE-2026-22098 are not publicly available in the provided documents. The issue is described as sensitive information written to log files, but product/versions, impact specifics, and fixes are not specified. Monitor for updates.

9.2CVSS6.1AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday31 views

CVE-2026-15574 Vllm-orchestrator-gateway: vllm-orchestrator-gateway: authorization header and full chat payloads logged at hard-coded debug default

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS0.00259EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday54 views

CirCarLife Scada <4.3 - System Log Exposure

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. id: CVE-2018-12634 info: name: CirCarLife Scada 4.3 - System Log...

9.8CVSS7.1AI score0.56829EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday142 views

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5CVSS6.9AI score0.64603EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday82 views

Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5CVSS7.1AI score0.51466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-54528

A flaw was found in JupyterLab Git, a Git extension for JupyterLab. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, vi...

7.1CVSS6AI score0.00285EPSS
Exploits0References6
Rows per page
Query Builder