Lucene search
K

25418 matches found

Cvelist
Cvelist
added 2026/07/01 2:51 p.m.30 views

CVE-2026-58037 Core log entries for exceptions and XSS issues in log entry formatting code that may be caused by user-controlled input

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:51 p.m.5 views

CVE-2026-58037

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

5.8AI score0.0039EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.88 views

Cobbler <3.3.0 - Remote Code Execution

Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method. id: CVE-2021-40323 info: name: Cobbler 3.3.0 - Remote Code Execution author: c-sh0 severity: critical description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via ...

9.8CVSS7.9AI score0.88482EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 3:33 a.m.11 views

CVE-2026-7828

UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...

5.3CVSS6.2AI score0.00839EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/01 12:0 a.m.2 views

UBUNTU-CVE-2026-58025

Safely unserialize log entry parameters...

5.9CVSS5.8AI score0.00342EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-58037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is...

6AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54484

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description An integer overflow exists in the HTTP request logging path. The win log function allocates list nodes using a calculation based on the length of the HTTP request URI. If the URI length i...

5.3CVSS6.4AI score0.00839EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54770

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper output neutralization for logs allows for log injection. An attacker can provide specially crafted input that is written to log files without being properly neutralized. If these log...

8CVSS5.8AI score0.00201EPSS
Exploits0References7
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References5
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-12086

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00101EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:36 p.m.31 views

CVE-2026-12086 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:36 p.m.6 views

EUVD-2026-40390

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.8AI score0.00101EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:36 p.m.34 views

CVE-2026-12086

CVE-2026-12086 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy (IDD): versions 7.2 (up to 7.2.3.23), 7.3 (up to 7.3.2.18), 8.0 (up to 8.0.1.13), 8.1 (up to 8.1.2.6), and 8.2 (up to 8.2.1.0) store potentially sensitive information in log files readable by local users. Root cause is insert...

6.2CVSS5.8AI score0.00101EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:36 p.m.6 views

CVE-2026-12086

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.8AI score0.00101EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/06/30 5:16 p.m.7 views

CVE-2026-58369

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...

6.9CVSS0.00362EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 3:56 p.m.5 views

EUVD-2026-40357

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:56 p.m.13 views

CVE-2026-58369

Woodpecker

6.9CVSS5.8AI score0.00362EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 3:56 p.m.43 views

CVE-2026-58369 Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...

6.9CVSS0.00362EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:7 a.m.2 views

SUSE-SU-2026:22454-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues Update to 2.93: - CVE-2026-12725: heap buffer overflow in logquery when logging unsupported DS/DNSKEY replies bsc1268764...

7.5CVSS6.2AI score0.00754EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/30 7:49 a.m.12 views

CVE-2026-55276

A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References4
Rows per page
Query Builder