morgan 安全漏洞

Morgan is an open-source HTTP request logging middleware developed by ExpressJS. Versions 1.2.0 to 1.10.1 of Morgan contain security vulnerabilities. These vulnerabilities stem from the remoteuser token not being escaped with control characters, which may lead to log manipulation...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where functions return errors that include the input within the error message. This allows attackers ...

Cisco IOS XE Software IOx Application Hosting Environment CRLF Injection (cisco-sa-iox-crlf-NvgKTKJZ)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return lin...

📄 Below Symlink Privilege Escalation

This Python script demonstrates a potential privilege escalation technique related to CVE-2025-27591, leveraging symbolic link symlink manipulation in a logging directory used by the below utility. Versions prior to 0.9.0 are affected...

CVE-2026-35391

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first leftmost entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

CVE-2026-20113

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

CVE-2026-20113

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

CVE-2026-20113

The CVE affects the web-based Cisco IOx application hosting environment management interface in Cisco IOS XE Software. It arises from insufficient input validation and enables a remote, unauthenticated attacker to perform a CRLF injection, potentially injecting or altering log entries and obscuri...

CVE-2026-20113

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

PT-2026-27796

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the web-based Cisco IOx application hosting environment management interface that could allow a remote attacker to inject carriage return line feed CRLF...

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI...

CVE-2025-12755

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

IBM MQ 安全漏洞

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable, proven messaging backbone for Service Oriented Architecture SOA. IBM-supplied MQ Advanced container images are standard container images officially provided by IBM,...

MiracleLinux 8 : php:8.2 (AXSA:2024-9505:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9505:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

Apache Tomcat 9.0.0-M1 < 9.0.109 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities : - Console manipulation via escape sequences in log messages. CVE-2025-55754 - Directory...

Apache Tomcat 10.1.0-M1 < 10.1.45 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities : - Console manipulation via escape sequences in log messages. CVE-2025-55754 - Directory...

EUVD-2006-3549

Malware in sbrugna...

EUVD-2009-4458

Malware in sbrugna...

CVE-2025-58580

CVE-2025-58580 affects SICK Enterprise Analytics (and related SICK Analytics products) where an API endpoint allows creation of arbitrary log entries via POST without sufficient input validation. The root cause is insecure input handling, enabling an attacker to create manipulated or diluted logs...