Lucene search
+L

856 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Splunk SOAR 安全漏洞

Splunk SOAR is a security orchestration, automation, and response platform provided by Splunk Inc. Versions of Splunk SOAR prior to 8.5.0 contained a security vulnerability. This vulnerability stemmed from SOAR failing to strip control characters from the HTTP request path before writing...

4.3CVSS5.3AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/06 4:28 a.m.9 views

CVE-2026-9016 Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 4:28 a.m.13 views

EUVD-2026-34960

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
CVE
CVE
added 2026/06/06 4:28 a.m.45 views

CVE-2026-9016

The CVE concerns the WordPress plugin Debug Log Manager (

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/06 4:28 a.m.9 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/06 1:26 a.m.17 views

EUVD-2026-34942

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS5.8AI score0.00338EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin Debug Log Manager – Conveniently Monitor and Inspect Errors 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.12 views

CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

5.3CVSS5.4AI score0.00172EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.13 views

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...

6.9CVSS5.5AI score0.00186EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/05 3:41 p.m.20 views

K000161597: Apache Tomcat vulnerability CVE-2026-34483

Security Advisory Description Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade...

7.5CVSS7.1AI score0.00461EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/05 3:40 p.m.16 views

MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Summary The kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer with...

6.1CVSS5.5AI score0.00267EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/05 5:45 a.m.10 views

BIT-GOLANG-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.5AI score0.0037EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46257

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose log js errors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS5.7AI score0.00207EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/03 8:24 a.m.9 views

Improper Output Neutralization for Logs

Overview morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log stream without...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 12:30 a.m.12 views

EUVD-2026-34040

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.8AI score0.0037EPSS
Exploits0References5
NVD
NVD
added 2026/06/02 11:16 p.m.22 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS0.0037EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:1 p.m.11 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.8AI score0.0037EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/06/02 9:39 p.m.8 views

Improper Output Neutralization for Logs

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...

6.9CVSS5.5AI score0.0037EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.11 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.6AI score0.00831EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/02 3:25 p.m.43 views

CVE-2026-45684 OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

4.9CVSS0.00172EPSS
Exploits1References2
Rows per page
Query Builder