832 matches found

Nuclei, added 15 hours ago, 59 views

pyload - Log Injection

A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. id: CVE-2024-21645 info: name: pyload - Log Injection author: isacaya severity: medium description: | A log injection...

5.3 CVSS, 6.2 AI score, 0.24513 EPSS
Exploits: 1, References: 3

NVD, added 4 days ago, 9 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9 CVSS, 0.00264 EPSS
Exploits: 0, References: 1

EUVD, added 4 days ago, 11 views

EUVD-2026-38731

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9 CVSS, 5.9 AI score, 0.00264 EPSS
Exploits: 0, References: 1

CVE, added 4 days ago, 12 views

CVE-2026-10745

CVE-2026-10745 affects upKeeper Solutions a.k.a. upKeeper Instant Privilege Access on Windows, vulnerable through version 1.6.1. Root cause: improper output neutralization in logs (log injection/tampering/forging). Reported impact per metrics indicates high risk for subsequent system confidential...

7.9 CVSS, 5.9 AI score, 0.00264 EPSS
Exploits: 0, References: 1

Cvelist, added 4 days ago, 32 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9 CVSS, 0.00264 EPSS
Exploits: 0, References: 1

NVD, added 6 days ago, 10 views

CVE-2026-56425

The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3 CVSS, 0.00258 EPSS
Exploits: 0, References: 1

Cvelist, added 6 days ago, 27 views

CVE-2026-56425 MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection

The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3 CVSS, 0.00258 EPSS
Exploits: 0, References: 1

EUVD, added 6 days ago, 11 views

EUVD-2026-38228

The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3 CVSS, 5.9 AI score, 0.00258 EPSS
Exploits: 0, References: 1

CVE, added 6 days ago, 10 views

CVE-2026-56425

CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...

9.3 CVSS, 5.9 AI score, 0.00258 EPSS
Exploits: 0, References: 1, Affected Software: 1

AstraLinux, added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Apache2

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...

7.5 CVSS, 7.2 AI score, 0.00669 EPSS
Exploits: 0, References: 2

OSV, added 2026/06/16 9:2 p.m., 9 views

GHSA-7CX2-G3H9-382P Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server

Summary Three backward-compatible hardening fixes in the Docker API server. The headline issue is an arbitrary file write via the screenshot/PDF outputpath. 1. Arbitrary file write via outputpath symlink / TOCTOU primary POST /screenshot and POST /pdf accept an outputpath constrained to...

8.1 CVSS, 5.7 AI score, 0.00656 EPSS
Exploits: 0, References: 5

NVD, added 2026/06/12 10:16 a.m., 10 views

CVE-2026-50629

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3 CVSS, 0.0047 EPSS
Exploits: 0, References: 2

EUVD, added 2026/06/12 8:57 a.m., 8 views

EUVD-2026-36397

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3 CVSS, 5.3 AI score, 0.0047 EPSS
Exploits: 0, References: 1

CVE, added 2026/06/12 8:57 a.m., 18 views

CVE-2026-50629

The CVE-2026-50629 issue affects Apache CXF’s OAuth2 server where the 'clientId' from HTTP requests is concatenated into log warning messages without sanitizing control characters. This creates log injection risk by allowing arbitrary content in logs. Root cause: unsanitized control characters in...

5.3 CVSS, 5.4 AI score, 0.0047 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist, added 2026/06/12 8:57 a.m., 27 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

0.0047 EPSS
Exploits: 0, References: 1

Vulnrichment, added 2026/06/12 8:57 a.m., 9 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3 AI score, 0.0047 EPSS
Exploits: 0, References: 1

Positive Technologies, added 2026/06/12 12:0 a.m., 11 views

PT-2026-48848

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3 AI score, 0.0047 EPSS
Exploits: 0, References: 3

NVD, added 2026/06/11 7:16 p.m., 8 views

CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1 CVSS, 0.00267 EPSS
Exploits: 0, References: 2

NVD, added 2026/06/10 6:16 p.m., 13 views

CVE-2026-20260

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3 CVSS, 0.00199 EPSS
Exploits: 0, References: 1

EUVD, added 2026/06/10 5:16 p.m., 9 views

EUVD-2026-36087

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3 CVSS, 5.5 AI score, 0.00199 EPSS
Exploits: 0, References: 1