CVE-2026-50592
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...
GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Summary: A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using `gh run view --log` or `gh run view --log-failed`. Details: The vulnerability stems from the way GitHub CLI handles raw Actions log...
SUSE CVE-2026-45803
gh is GitHub's official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...
BIT-AIRFLOW-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...
CVE-2026-22198
GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause...
CVE-2023-31437
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...
Linux Distros Unpatched Vulnerability : CVE-2019-7339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - POST - Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter...
CVE-2024-47913
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter...
PT-2025-6264 · Fortinet · Fortianalyzer
Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 6.4.0 through 7.6.0 Description: The issue allows an unauthorized actor to cause information disclosure via filter manipulation, potentially leading to the exposure of sensitive information. This is related to...
PT-2024-16441 · WordPress · Yaad Sarig Payment Gateway For Wc
Name of the Vulnerable Software and Affected Versions: Yaad Sarig Payment Gateway For WC plugin for WordPress versions up to, and including, 2.2.4 Description: The issue is related to a missing capability check on the yaadpay view log callback and yaadpay delete log callback functions. This allow...
Checkmk Security Vulnerability
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in versions prior to Checkmk 2.3.0p14 that stems from improper neutralization of user input. An attacker exploiting this vulnerability could inject and run malicious scripts in the Robotmk log view...
Security Bulletin: Vulnerabilities have been identified with the DS8900F Hardware Management Console (HMC)
Summary: The updates indicated below have been released to address the following vulnerabilities: CVE-2023-46169 Arbitrary file deletion, CVE-2023-46171 view sensitive log information, CVE-2023-46172 Bypass authentication restrictions for authorized user, CVE-2023-46170 Arbitrary file read,...
SUSE CVE-2023-31437
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...
Osprey Pump Controller OS Command Injection Vulnerability
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the presence of an operating system command injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary shell...
GHSA-3PPM-FWHM-QQG6 FeehiCMS is vulnerable to Cross-Site Scripting (XSS)
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer...
CVE-2022-43320
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer...
FeehiCMS Cross-Site Scripting Vulnerability
FeehiCMS is a PHP-based CMS website builder for individual developers. FeehiCMS version v2.1.1 has a security vulnerability: the id parameter on /web/admin/index.php?r=log/view-layer was found to contain a reflected cross-site scripting (XSS) vulnerability. No detailed vulnerability...
CVE-2021-32005
Cross-site scripting (XSS) vulnerability in the log view of Secomea SiteManager allows a logged-in user to store JavaScript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions...
MartDevelopers Iresturant Cross-Site Scripting Vulnerability
MartDevelopers Iresturant is an open source lightweight restaurant ERP from MartDevelopers Kenya, designed to integrate social restaurant operations into a single system. A cross-site scripting vulnerability exists in MartDevelopers Iresturant because the product does not effectively filter...
Log Injection
ZoneMinder is vulnerable to log injection. An attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...