[SECURITY] Fedora 43 Update: cockpit-362-1.fc43

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

CVE-2026-50592

The CVE CVE-2026-50592 affects Znuny LTS prior to 6.5.21 and Znuny prior to 7.3.3, with a reflected XSS in AdminCommunicationLog (the communication log administration view). The underlying issue is a reflected cross-site scripting vulnerability that could impact users when viewing the admin commu...

CVE-2026-50592

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

EUVD-2026-34783

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

CVE-2026-50592

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

PT-2026-46899

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

GHSA-4P62-HQP5-G644 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

CVE-2026-43984

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

CVE-2026-43984

CVE-2026-43984 affects Tautulli (Python-based Plex monitoring) prior to version 2.17.1. An authenticated user, including guests when guest access is enabled, can abuse an endpoint that writes attacker-controlled strings into the main application log. The log viewer then embeds the log contents in...

CVE-2026-43984

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

EUVD-2026-34284

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

CVE-2026-43984 Tautulli has stored XSS in logFile via guest-controlled log_js_errors input

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

CVE-2026-43984 Tautulli has stored XSS in logFile via guest-controlled log_js_errors input

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

CVE-2026-50205

CVE-2026-50205 describes a vulnerability where system log files output unencrypted SMTP server authentication passwords along with sensitive employee identifiers. The brief does not specify affected products, vendors, or versions. Impact is stated as high confidentiality exposure (log leakage of ...

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

VMware vRealize Log Insight - Path Traversal

he vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. id: CVE-2022-31706 info: name: VMware vRealize Log Insight - Path Traversal...

LogDash Activity Log <= 1.1.3 - SQL Injection

The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

Cobbler <3.3.0 - Remote Code Execution

Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method. id: CVE-2021-40323 info: name: Cobbler 3.3.0 - Remote Code Execution author: c-sh0 severity: critical description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via ...