
22 matches found

EUVD · added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-24240

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.00504 · Exploits 0 · References 2
EUVD · added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-24241

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.00504 · Exploits 0 · References 2
EUVD · added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-13874

Malicious code in bioql PyPI...

CVSS 8 · AI score 6.3 · EPSS 0.0014 · Exploits 0 · References 2
NVD · added 2025/07/02 2:15 p.m. · 5 views

CVE-2025-53106

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...

CVSS 8.8 · EPSS 0.00275 · Exploits 0 · References 3
Cvelist · added 2025/07/02 1:28 p.m. · 6 views

CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...

CVSS 8.8 · EPSS 0.00275 · Exploits 0 · References 3
OSV · added 2025/07/02 1:28 p.m. · 3 views

CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...

CVSS 8.8 · AI score 6.2 · EPSS 0.00275 · Exploits 0 · References 5
Veracode · added 2025/07/02 12:27 p.m. · 3 views

Privilege Escalation

Graylog is vulnerable to Privilege Escalation. The vulnerability is due to insufficient permission checks: a flaw in the Graylog REST API allows authenticated users to create and use API tokens for other users, such as the local Administrator, if they know the target user's ID...

CVSS 8.8 · AI score 6.6 · EPSS 0.00275 · Exploits 0 · References 5 · Affected Software 1
Positive Technologies · added 2025/06/30 12:00 a.m. · 2 views

PT-2025-27497 · Graylog · Graylog

Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 6.2.4; Graylog versions prior to 6.3.0-rc.2. Description: A flaw in Graylog allows authenticated users to escalate privileges via API token abuse. This issue can be exploited by creating and using API tokens for the...

CVSS 8.8 · AI score 6.2 · EPSS 0.00275 · Exploits 0 · References 12
RedhatCVE · added 2025/05/23 7:52 a.m. · 4 views

CVE-2024-24823

Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain...

CVSS 5.7 · AI score 5.7 · EPSS 0.00129 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 4:35 a.m. · 8 views

CVE-2023-41044

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVSS 3.8 · AI score 6.5 · EPSS 0.00294 · Exploits 1 · References 1
RedhatCVE · added 2025/05/22 6:41 p.m. · 6 views

CVE-2021-37759

A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges to the access level of the leaked session ID...

CVSS 9.8 · AI score 7 · EPSS 0.00504 · Exploits 0 · References 1
RedhatCVE · added 2025/05/22 3:15 p.m. · 3 views

CVE-2020-15813

Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...

CVSS 8.1 · AI score 6.9 · EPSS 0.00192 · Exploits 0
Vulnrichment · added 2025/05/07 3:29 p.m. · 9 views

CVE-2025-46827 Graylog Allows Session Takeover via Insufficient HTML Sanitization

Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with...

CVSS 8 · AI score 7.7 · EPSS 0.0014 · Exploits 0 · References 1
Cvelist · added 2025/05/07 3:29 p.m. · 19 views

CVE-2025-46827 Graylog Allows Session Takeover via Insufficient HTML Sanitization

Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with...

CVSS 8 · EPSS 0.0014 · Exploits 0 · References 1
CVE · added 2025/05/07 3:29 p.m. · 62 views

CVE-2025-46827

Graylog has a vulnerability (CVE-2025-46827) where an HTML form in an Event Definition Remediation Step can leak user session cookies if an attacker has create-event-definition rights and the victim can view alerts, with an active input to receive form data. Affected versions are before 6.0.14, 6...

CVSS 8 · AI score 7.7 · EPSS 0.0014 · Exploits 0 · References 1 · Affected Software 1
Positive Technologies · added 2025/05/07 12:00 a.m. · 1 view

PT-2025-20234 · Graylog · Graylog

Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 6.0.14; Graylog versions prior to 6.1.10; Graylog versions prior to 6.2.0. Description: The issue allows an attacker to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation...

CVSS 8 · AI score 6 · EPSS 0.0014 · Exploits 0 · References 7
RedhatCVE · added 2025/04/10 4:04 a.m. · 13 views

CVE-2025-30373

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

CVSS 6.5 · AI score 6.6 · EPSS 0.0003 · Exploits 0 · References 1
NVD · added 2025/04/07 3:15 p.m. · 3 views

CVE-2025-30373

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

CVSS 6.5 · EPSS 0.0003 · Exploits 0 · References 2
Vulnrichment · added 2025/04/07 2:37 p.m. · 3 views

CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

CVSS 6.5 · AI score 6.8 · EPSS 0.0003 · Exploits 0 · References 2
OSV · added 2024/02/07 6:23 p.m. · 0 views

GHSA-P6GG-5HF4-4RGJ Graylog vulnerable to instantiation of arbitrary classes triggered by API request

Summary: Arbitrary classes can be loaded and instantiated using an HTTP PUT request to the /api/system/clusterconfig/ endpoint. Details: Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads...

CVSS 8.8 · AI score 7.5 · EPSS 0.03888 · Exploits 1 · References 6