K000161596: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2026-25854 Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through...

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

GHSA-4P62-HQP5-G644 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

CVE-2026-43984

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

CVE-2026-43984

CVE-2026-43984 affects Tautulli (Python-based Plex monitoring) prior to version 2.17.1. An authenticated user, including guests when guest access is enabled, can abuse an endpoint that writes attacker-controlled strings into the main application log. The log viewer then embeds the log contents in...

CVE-2026-43984 Tautulli has stored XSS in logFile via guest-controlled log_js_errors input

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

PT-2026-46845

Summary The log file name parameter in the stata do API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands includi...

(Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

EUVD-2026-34070

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

CVE-2019-25717

CVE-2019-25717 affects Dräger Infinity Delta, Delta XL, and Kappa patient monitors. The vulnerability allows unauthenticated attackers over a network to access exposed log files, exposing device internals, location data, and wired network configuration details. No root cause or remediation detail...

CVE-2019-25717 Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration...

Insertion of Sensitive Information into Log File

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the setCookie and start functions. An attacker can gain unauthorized access to...

Security Bulletin: IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets (CVE-2025-13755)

Summary IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets. Vulnerability Details CVEID:CVE-2025-13755 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially...

Insertion of Sensitive Information into Log File

Overview github.com/projectcalico/calico/cni-plugin/pkg/install is a cloud-native networking and network security package Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level ...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level to /var/log/calico/cni/cni.log during each CNI ADD and DEL invocation. An attacker can obtain sensitive...

CVE-2026-41185

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

IBM DB2 Multiple Vulnerabilities (7273554, 7273555, 7273556, 7273557, 7273558) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user. CVE-2025-13755 - IBM Db2 is vulnerable to a...

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...