37 matches found

Positive Technologies
added 2026/06/10 12:00 a.m. · 19 views

PT-2026-48500

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3 CVSS · 5.5 AI score · 0.00199 EPSS
Exploits 0 · References 2

OSV
added 2026/04/01 10:47 a.m. · 9 views

CLSA-2026-1775040432 golang: Fix of CVE-2025-61731

CVE-2025-61731: fix pkg-config --log-file argument injection via cgo pkg-config directive...

8.6 CVSS · 7.3 AI score · 0.00532 EPSS
Exploits 0 · References 1

NVD
added 2026/01/29 4:16 p.m. · 9 views

CVE-2026-0936

An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is...

5.1 CVSS · 0.00103 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/01/09 11:39 a.m. · 15 views

CVE-2003-1582

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...

2.6 CVSS · 6.2 AI score · 0.10325 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2003-1567

Malware in sbrugna...

2.6 CVSS · 6.4 AI score · 0.01077 EPSS
Exploits 1 · References 4

Cvelist
added 2025/09/30 12:10 p.m. · 8 views

CVE-2025-10217

A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while...

6 CVSS · 0.00277 EPSS
Exploits 0 · References 1

OSV
added 2025/09/26 7:25 p.m. · 6 views

CLSA-2025-1758914697 httpd: Fix of 4 CVEs

CVE-2025-49630: fix assertion caused by untrusted clients triggering denial of service attack in mod_proxy_http2 - CVE-2025-23048: fix access control bypass by trusted clients using TLS 1.3 session resumption - CVE-2024-47252: escape user-supplied data to prevent log file injection in mod_ssl -...

9.1 CVSS · 7.3 AI score · 0.01149 EPSS
Exploits 1 · References 1

GithubExploit
added 2025/07/19 10:17 p.m. · 840 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...

6.8 CVSS · 8 AI score · 0.0036 EPSS
Exploits 22

GithubExploit
added 2025/07/19 10:17 p.m. · 120 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...

6.8 CVSS · 8 AI score · 0.0036 EPSS
Exploits 22

OSV
added 2025/07/10 5:15 p.m. · 6 views

AZL-65226 CVE-2024-47252 affecting package httpd for versions less than 2.4.64-1

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...

7.5 CVSS · 7.1 AI score · 0.00669 EPSS
Exploits 0 · References 1

CNNVD
added 2025/07/10 12:00 a.m. · 3 views

Apache HTTP Server security vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation (United States). The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by mod_ssl,...

7.5 CVSS · 7.2 AI score · 0.00669 EPSS
Exploits 0 · References 3

Japan Vulnerability Notes
added 2024/06/17 6:21 a.m. · 13 views

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview: MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776) - CVE-2024-27141, CVE-2024-27142 Execution with...

9.8 CVSS · 7.5 AI score · 0.26811 EPSS
Exploits 2 · References 65

CNNVD
added 2024/04/24 12:00 a.m. · 6 views

RoamWiFi R10 security vulnerability

RoamWiFi R10 is a portable Internet wireless router from RoamWiFi. A security vulnerability exists in RoamWiFi R10 versions prior to 4.8.45, which stems from a vulnerability that allows an attacker to insert sensitive information into log files...

6.5 CVSS · 6.4 AI score · 0.00278 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/06/01 12:00 a.m. · 7 views

PT-2023-7355 · Splunk · Universal Forwarder +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2; Splunk Enterprise versions prior to 9.0.5.1; Splunk Enterprise versions prior to 8.2.11.2; Universal Forwarder versions prior to 9.1.0.2; Universal Forwarder versions prior to 9.0.5.1; Universal Forward...

10 CVSS · 7.6 AI score · 0.00341 EPSS
Exploits 0 · References 6

OSV
added 2020/06/18 3:15 a.m. · 3 views

CVE-2020-3356

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based...

6.1 CVSS · 6.5 AI score · 0.00801 EPSS
Exploits 0 · References 1

NVD
added 2018/02/14 12:29 p.m. · 16 views

CVE-2018-2389

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...

5.7 CVSS · 5.5 AI score · 0.00712 EPSS
Exploits 0 · References 2

OSV
added 2018/02/14 12:29 p.m. · 6 views

CVE-2018-2389

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...

5.7 CVSS · 5.8 AI score · 0.00712 EPSS
Exploits 0 · References 2

OSV
added 2017/10/24 9:29 p.m. · 4 views

CVE-2017-1210

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850...

7.5 CVSS · 5.8 AI score · 0.01408 EPSS
Exploits 0 · References 2

seebug.org
added 2015/09/11 12:00 a.m. · 26 views

Netgear FVS318 Router Multiple Vulnerabilities

Multiple Vulnerabilities in Netgear FVS318 Router. SUMMARY: The Netgear FVS318 is "an easy to use, firewall/router designed for home users and small businesses". SecuriNews Research has found 2 vulnerabilities in the router, o...

6.9 AI score
Exploits 0

NVD
added 2011/08/29 6:55 p.m. · 27 views

CVE-2011-3187

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...

4.3 CVSS · 6.5 AI score · 0.06661 EPSS
Exploits 1 · References 9