4564 matches found
MagnusBilling Login Logs - Cross-Site Scripting
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...
EUVD-2026-38229
MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...
CVE-2026-7547 Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter
The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...
Insertion of Sensitive Information into Log File
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the error handling process for certain API and WebSocket routes, where unsanitized exception...
CVE-2026-44809
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-48500
In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...
CVE-2026-44809
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-35743
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2026-44809
The vulnerability CVE-2026-44809 involves use-after-free in the Windows Common Log File System (CLFS) Driver. An authorized local attacker can elevate privileges. The data provided does not specify affected Windows versions, patch details, or remediation steps. No exploit specifics are documented...
CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-47925
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
Microsoft Windows Common Log File System Driver 资源管理错误漏洞
The Microsoft Windows Common Log File System Driver provides a high-performance, general-purpose log file subsystem. Dedicated client applications can utilize this subsystem, and multiple clients can share it to optimize log access. The Microsoft Windows Common Log File System Driver has a resour...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the INFO level logging when chaincode is deployed in chaincode-as-a-service mode with TLS enabled. An attacker can obtain sensitive information TLS private key by accessing the server...
CVE-2026-2401
CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...
CVE-2026-8265
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...
CVE-2025-13755
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-25690
An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...
CVE-2026-20189
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...