3 matches found
GHSA-3M86-C9X3-VWM9 Graylog vulnerable to privilege escalation through API tokens
Impact: Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests ...
CVE-2024-52506
The CVE-2024-52506 issue affects Graylog 6.1.0–6.1.1, where the reporting feature can leak another user’s data under concurrent PDF report rendering. A shared headless browser instance is reused across simultaneous render requests; depending on timing, either a freshness check errors out or a win...
CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...