Lucene search
K

71 matches found

OSV
OSV
added 2026/06/23 2:37 p.m.5 views

BIT-APISIX-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

5.8CVSS5.8AI score0.00314EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 1:9 p.m.33 views

CVE-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:9 p.m.35 views

CVE-2026-44046

Apache APISIX is affected by CVE-2026-44046 due to a Less Trusted Source issue in the wolf-rbac plugin under default configuration. Affected versions: 1.2.0 through 3.16.0. Exploitation can allow spoofed identity information to be logged and potentially bypass or abuse IP-based access controls. T...

5.8CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:9 p.m.6 views

CVE-2026-44046

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 1:9 p.m.3 views

CVE-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.9AI score0.00314EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in PHP 8.1

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, and 8.3. before 8.3.12, when using PHP-FPM SAPI and the option catchworkersoutput is set to yes, it is possible to manipulate the log messages by removing up to 4 characters from the log messages. Additionally, if PHP-FPM is configured to us...

3.3CVSS6.7AI score0.00482EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.8 views

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS5.9AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.7 views

EUVD-2025-208277

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

6.9CVSS5.9AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 4:16 p.m.5 views

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS0.00286EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 4:16 p.m.5 views

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS5.7AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 3:26 p.m.6 views

CVE-2025-59784 Log Pollution - Control Characters Not Escaped

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

6.9CVSS5.9AI score0.00286EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 3:26 p.m.5 views

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

6.9CVSS5.9AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 3:26 p.m.17 views

CVE-2025-59784

2N Access Commander versions prior to 3.4.2 are affected by a log pollution flaw: certain API parameters are written into logs without validation, exploitable only with administrator privileges. Affected product/version: 2N Access Commander

7.2CVSS5.9AI score0.00286EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/04 3:26 p.m.36 views

CVE-2025-59784 Log Pollution - Control Characters Not Escaped

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

6.9CVSS0.00286EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.6 views

2N Access Commander 安全漏洞

2N Access Commander is an access control solution provided by 2N Corporation. Versions of 2N Access Commander prior to 3.4.1 contained security vulnerabilities. These vulnerabilities were due to log pollution, which allowed attackers who had been authenticated by administrators to include...

7.2CVSS5.8AI score0.00286EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/07 12:0 a.m.7 views

openSUSE 16 Security Update : python-maturin (openSUSE-SU-2026:20180-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20180-1 advisory. - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011 Tenable has extracted the preceding description block directly from the SUSE securi...

2.3CVSS5.7AI score0.00303EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/06 12:0 a.m.4 views

Security update for python-maturin (moderate)

openSUSE security update: security update for python-maturin ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20180-1 Rating: moderate References: bsc1249011 Cross-References: CVE-2025-58160 CVSS scores: CVE-2025-58160 SUSE : 3.1...

3.1CVSS5.3AI score0.00303EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 8:51 p.m.6 views

OPENSUSE-SU-2026:20180-1 Security update for python-maturin

This update for python-maturin fixes the following issues: - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...

2.3CVSS5.6AI score0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/02/05 8:51 p.m.8 views

SUSE-SU-2026:20335-1 Security update for python-maturin

This update for python-maturin fixes the following issues: - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...

2.3CVSS5.8AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 8:51 p.m.6 views

SUSE-SU-2026:20235-1 Security update for python-maturin

This update for python-maturin fixes the following issues: - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...

2.3CVSS5.8AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder