CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

136 matches found

CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS0.0007EPSS

Exploits0References3

ATTACKERKB•added 2026/05/22 1:15 p.m.•2 views

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

7.5CVSS5.8AI score0.00032EPSS

Exploits0References2

EUVD•added 2026/05/22 1:15 p.m.•4 views

EUVD-2026-31438

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

7.5CVSS5.8AI score0.00032EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в tomcat9

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...

7.5CVSS5.8AI score0.00073EPSS

Exploits0References1

EUVD•added 2026/04/17 9:31 a.m.•0 views

EUVD-2026-23392

Dell PowerProtect Data Domain appliances with Data Domain Operating System DD OS of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access...

7.6CVSS5.8AI score0.00017EPSS

Exploits0References2

Cvelist•added 2026/04/08 12:4 p.m.•14 views

CVE-2026-5301 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

7.6CVSS0.00041EPSS

Exploits0References3

ATTACKERKB•added 2026/02/06 5:46 p.m.•2 views

CVE-2026-24903

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

5.3CVSS5.8AI score0.00041EPSS

Exploits1References2Affected Software1

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

MiracleLinux 8 : git-2.31.1-3.el8 (AXSA:2023-4991:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4991:01 advisory. git: gitattributes parsing integer overflow CVE-2022-23521 git: Heap overflow in git archive, git log --format leading to RCE CVE-2022-41903 Tenable...

9.8CVSS8.6AI score0.17802EPSS

Exploits0References3

CNNVD•added 2026/01/16 12:0 a.m.•0 views

Apple macOS security vulnerabilities

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.1 contained a security vulnerability caused by a log-related issue, which could allow applications access to sensitive user data...

5.5CVSS6.6AI score0.00008EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:22 a.m.•5 views

CVE-2021-31164

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...

7.5CVSS7AI score0.02937EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:48 a.m.•7 views

CVE-2022-31889

Cross Site Scripting XSS vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae...

6.1CVSS5.9AI score0.00758EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:17 a.m.•8 views

CVE-2025-23289

NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure...

5.5CVSS5.9AI score0.00082EPSS

Exploits0References1

OSV•added 2025/10/31 2:12 p.m.•6 views

OESA-2025-2560 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6CVSS7.8AI score0.00274EPSS

Exploits4References4

Vulnrichment•added 2025/10/14 3:23 p.m.•2 views

CVE-2025-31514

An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing log...

2.7CVSS6.2AI score0.00042EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2011-1820

Malware in sbrugna...

2.1CVSS6.4AI score0.00051EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-21196

Malware in sbrugna...

6.5CVSS6.5AI score0.00396EPSS

Exploits2References4