Lucene search
K

10 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.15 views

CVE-2026-56425

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45875

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description Functions within the net/textproto package include input as part of the error when returning errors. This behavior allows an attacker to inject misleading content into errors that are subsequently...

9.8CVSS5.8AI score0.0037EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 3:30 p.m.12 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-55752,CVE-2025-55754 & CVE-2025-61795)

Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-55752 DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized...

9.6CVSS8AI score0.66535EPSS
Exploits4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0874

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00434EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/09/03 1:23 p.m.3 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

7.5CVSS5.8AI score0.00669EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/05 12:0 a.m.15 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

4CVSS0.006EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/06/05 12:0 a.m.10 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

5.3CVSS4.9AI score0.006EPSS
Exploits0
Debian
Debian
added 2025/03/25 7:30 p.m.8 views

[SECURITY] [DSA 5886-1] ruby-rack security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5886-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 25, 2025 https://www.debian.org/security/faq -...

7.5CVSS7.6AI score0.01095EPSS
Exploits1
OSV
OSV
added 2025/03/06 7:11 p.m.9 views

GHSA-MF24-CHXH-HMVJ Envoy Gateway Log Injection Vulnerability

Impact In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to th...

5.3CVSS7.3AI score0.00264EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/02/28 4:54 p.m.10 views

CVE-2025-23405 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs

Unauthenticated log effects metrics gathering incident response efforts and potentially exposes risk of injection attacks ex log injection...

6.9CVSS0.00269EPSS
Exploits0References2
Rows per page
Query Builder