Lucene search
K

25418 matches found

NVD
NVD
added 2 days ago9 views

CVE-2026-34035

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS0.0034EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-34035

CVE-2026-34035 affects Coolify. Prior to version 4.0.0-beta.466, log drain secret and environment values could be interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the host. Resulting impact is host RCE with high severity. ...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-34035

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-34035 Coolify: Host RCE via Log Drain secret/env command injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS0.0034EPSS
Exploits0References3
OSV
OSV
added 2 days ago4 views

ALSA-2026:36049 Important: kernel-rt security, bug fix, and enhancement update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: gfs2: Fix use-after-free in iomap inline...

7.8CVSS6AI score0.0031EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 778c35bb8086ee3d81fc8c882aa7e47144695564bc017c2fc71022695b47601d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-44934

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS6AI score0.00119EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41858

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS6AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 3 days ago15 views

CVE-2026-44934

SUSE Rancher AI Agent 1.0 before 1.0.2 contains an information disclosure when DEBUG loglevel is enabled, leaking API keys and LLM response text into logfiles. The issue affects local users with HIGH privileges and local attack vector; confidentiality and subsequent confidentiality are HIGH, whil...

7CVSS6AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 3 days ago5 views

OESA-2026-2871 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to t...

9.8CVSS5.8AI score0.00612EPSS
Exploits0References15
OSV
OSV
added 3 days ago4 views

OESA-2026-2840 nilfs-utils security update

Userspace utilities for creating and mounting NILFS v2 filesystems. Security Fixes: NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images...

6.7CVSS5.9AI score0.00105EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago24 views

Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

7.5CVSS7.2AI score0.47137EPSS
Exploits1References4
Nuclei
Nuclei
added 6 days ago45 views

Riello Netman 204 - SQL Injection

The three endpoints /cgi-bin/dbdatalogw.cgi, /cgi-bin/dbeventlogw.cgi, and /cgi-bin/dbmultimetrw.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way. id: CVE-2024-8877 info: name: Riello Netman 204 - SQL...

9.8CVSS7.5AI score0.7703EPSS
Exploits2References3
NVD
NVD
added 6 days ago5 views

CVE-2026-46467

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS0.00085EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41543

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS5.9AI score0.00085EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-46467

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS0.00085EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-46467

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an insertion of sensitive information into log files. A low-privileged, local attacker could exploit this to cause information exposure. The CVE is documen...

5.8CVSS5.9AI score0.00085EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-12557 Ninja Forms - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion via debug-log/delete-all and debug-log/get-all REST Endpoints

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
CVE
CVE
added 6 days ago16 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
Rows per page
Query Builder