12 matches found
EUVD-2026-29022
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...
CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...
CVE-2026-29059
CVE-2026-29059 (Windmill) : Windmill
PT-2026-23658
Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.603.3 Description Windmill is a developer platform for internal code, including APIs, background jobs, workflows, and UIs. A path traversal issue exists in the get log file API endpoint "/api/w/workspace/jobs u/get...
EUVD-2024-31786
Malicious code in bioql PyPI...
CVE-2024-3194
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3194
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3194
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3194 MailCleaner Log File Endpoint cross site scripting
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3194 MailCleaner Log File Endpoint cross site scripting
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to...
Apache Doris 安全漏洞
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an authorization issue vulnerability that stems from api /api/snapshot and /api/getlogfile allowing...
PT-2023-27900 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.0.3 Description: The issue allows unauthenticated access through the API endpoints "/api/snapshot" and "/api/get log file". This could potentially lead to a DoS attack or allow an attacker to retrieve arbitrary...