63 matches found

CNNVD
added 2026/04/21 12:0 a.m. | 3 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware is a suite of middleware products for building and deploying enterprise-class applications, integrations and business processes. A cross-site scripting vulnerability exists in the Dynamic Monitoring Service component of Oracle Fusion Middleware. The vulnerability stems fr...

CVSS 5.4 | AI score 7.1 | EPSS 0.00028
Exploits: 0 | References: 2

NVD
added 2026/04/15 5:17 p.m. | 1 view

CVE-2026-20152

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

CVSS 5.3 | EPSS 0.00073
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/20 12:0 a.m. | 1 view

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2026:0932-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0932-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

CVSS 9.1 | AI score 7 | EPSS 0.00163
Exploits: 0 | References: 10

OSV
added 2026/03/12 1:46 p.m. | 4 views

OPENSUSE-SU-2026:20350-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

CVSS 9.1 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 7

OSV
added 2025/12/01 8:38 p.m. | 6 views

BIT-FLUENT-BIT-2025-12977 CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

CVSS 9.1 | AI score 6.9 | EPSS 0.00096
Exploits: 0 | References: 3

EUVD
added 2025/11/24 3:30 p.m. | 2 views

EUVD-2025-198811

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

CVSS 9.1 | AI score 6.5 | EPSS 0.00096
Exploits: 0 | References: 2

OSV
added 2025/11/24 3:15 p.m. | 3 views

AZL-71102 CVE-2025-12977 affecting package fluent-bit for versions less than 3.1.10-4

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

CVSS 9.1 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/24 2:42 p.m. | 2 views

CVE-2025-12978 CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

AI score 6.7 | EPSS 0.0027
Exploits: 0 | References: 1

CVE
added 2025/11/24 2:40 p.m. | 19 views

CVE-2025-12977

Fluent Bit vulnerability CVE-2025-12977 affects the in_http, in_splunk, and in_elasticsearch input plugins. The root cause is improper sanitization of tag_key inputs, allowing special characters (e.g., newlines, ../) to be treated as valid tags. This can lead to newline injection, path traversal,...

CVSS 9.1 | AI score 6.6 | EPSS 0.00096
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/11/24 2:40 p.m. | 3 views

CVE-2025-12977 CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

AI score 6.6 | EPSS 0.00096
Exploits: 0 | References: 2

Tenable Nessus
added 2025/10/24 12:0 a.m. | 3 views

Cisco Desk/IP/Video Phone Denial of Service (cisco-sa-phone-dos-FPyjLV7A) (CVE-2025-20350)

According to its self-reported version, the remote Cisco Desk, IP, or Video Phone running SIP Software is affected by a denial of service vulnerability: - A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco S...

CVSS 7.5 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 11

RedhatCVE
added 2025/10/16 4:56 p.m. | 1 view

CVE-2025-20350

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow...

CVSS 7.5 | AI score 7.2 | EPSS 0.00041
Exploits: 0 | References: 1

OSV
added 2025/10/15 5:15 p.m. | 2 views

CVE-2025-20350

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow...

CVSS 7.5 | AI score 6.1
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/15 4:15 p.m. | 2 views

CVE-2025-20350 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow...

CVSS 7.5 | AI score 6.9 | EPSS 0.00041
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-15691

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.01136
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-5780

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.03704
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-15673

Malware in sbrugna...

CVSS 9 | AI score 8.8 | EPSS 0.00846
Exploits: 0 | References: 3

Veracode
added 2025/04/16 6:14 a.m. | 5 views

Authentication Bypass

org.graylog2, graylog2-server is vulnerable to Authentication Bypass. The vulnerability is due to HTTP Inputs not correctly rejecting messages when a specified header is missing or has an incorrect value, allowing the message to be ingested despite returning a 401 HTTP response...

CVSS 6.5 | AI score 6.7 | EPSS 0.0003
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2025/04/07 3:41 p.m. | 4 views

Authentication Bypass Using an Alternate Path or Channel

Overview org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the channelRead0 function. An attacker can bypass authentication by sending HTTP requests without required...

CVSS 6.5 | AI score 7.1 | EPSS 0.0003
Exploits: 0 | References: 2

OSV
added 2025/04/07 2:37 p.m. | 48 views

CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

CVSS 6.5 | AI score 6.4 | EPSS 0.0003
Exploits: 0 | References: 4