CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

VAST - Visibility Across Space And Time

The network telemetry engine for data-driven security investigations. Getting Started — Installation — Documentation — Development — Changelog — License and Scientific Use Chat with us on Gitter, or join us on Matrix at tenzirvast:gitter.im. Key Features High-Throughput Ingestion : import numerou...

WhatWeb v0.5.0 - Next Generation Web Scanner

Developed by Andrew Horton urbanadventurer and Brendan Coles bcoles Latest Release: v0.5.0. June 9th, 2019 License: GPLv2 This product is subject to the terms detailed in the license agreement. For more information about WhatWeb visit: Homepage: https://www.morningstarsecurity.com/research/whatwe...

Open Source Log Analysis: GoAccess

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in nix systems . It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features GoAccess parses the specified web log file and...

Next Generation Web Scanner – WhatWeb

Next Generation Web Scanner WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded...

The Top Six Ways You Will Benefit From Event Log Monitoring

Systems on your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space are all the strategies of an admin doomed to always being in firefighting mode, reacting to bad things when they...