
301 matches found

Veracode
added 2026/03/14 5:4 a.m. | 3 views

Information Disclosure

Apache ZooKeeper is vulnerable to Information Disclosure. The vulnerability is due to improper handling of configuration values in ZKConfig, where sensitive client configuration data may be logged at INFO level in the client logfile, potentially exposing confidential information...

CVSS 7.5 | AI score 6.7 | EPSS 0.00022
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/03/09 9:30 a.m. | 2 views

EUVD-2025-208357

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

CVSS 6.5 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/29 5:59 p.m. | 3 views

CVE-2025-57283

A flaw was found in browserstack-local. Improper input sanitization of the logfile variable allows an attacker to inject arbitrary OS commands that are executed when this variable is processed, resulting in arbitrary command execution. Mitigation: To mitigate this issue, implement strict input...

CVSS 7.8 | AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 5
OSV
added 2026/01/28 6:30 p.m. | 3 views

GHSA-G4W6-C99W-4WH7 BrowserStack Local vulnerable to Command Injection through logfile variable

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

CVSS 7.5 | AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 5
Github Security Blog
added 2026/01/28 6:30 p.m. | 7 views

BrowserStack Local vulnerable to Command Injection through logfile variable

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

CVSS 7.8 | AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/01/28 4:16 p.m. | 1 views

CVE-2025-57283

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 2
NVD
added 2026/01/28 4:16 p.m. | 1 views

CVE-2025-57283

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

CVSS 7.8 | EPSS 0.00081
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/28 12:0 a.m. | 2 views

CVE-2025-57283

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 3
CNNVD
added 2026/01/28 12:0 a.m. | 1 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Version 1.5.8 of Node.js contains a security vulnerability caused by improper cleanup of the logfile variable, which may lead to command injection attacks...

CVSS 7.8 | AI score 5.8 | EPSS 0.00081
Exploits: 0 | References: 2
Cvelist
added 2026/01/28 12:0 a.m. | 28 views

CVE-2025-57283

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

EPSS 0.00081
Exploits: 0 | References: 2
Snyk
added 2026/01/28 12:0 a.m. | 1 views

Command Injection

Overview: browserstack-local is a Nodejs bindings for BrowserStack Local. Affected versions of this package are vulnerable to Command Injection via the logfile variable in lib/Local.js. An attacker can execute arbitrary operating system commands by supplying crafted input to this variable. This is...

CVSS 8.5 | AI score 6 | EPSS 0.00081
Exploits: 0 | References: 2
CVE
added 2026/01/28 12:0 a.m. | 14 views

CVE-2025-57283

Node.js package browserstack-local v1.5.8 contains a command‑injection vulnerability. The logfile variable is not properly sanitized in lib/Local.js, allowing an attacker to cause arbitrary OS commands to execute when the variable is processed. Exploitation is contingent on the attacker’s ability...

CVSS 7.8 | AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/01/28 12:0 a.m. | 4 views

PT-2026-5132

Name of the Vulnerable Software and Affected Versions: browserstack-local version 1.5.8. Description: The Node.js package browserstack-local is affected by a command injection issue. The problem stems from insufficient sanitization of the logfile variable within the lib/Local.js file, potentially...

CVSS 7.8 | AI score 5.5 | EPSS 0.00081
Exploits: 0 | References: 8
EUVD
added 2026/01/28 12:0 a.m. | 2 views

EUVD-2025-206491

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

CVSS 7.8 | AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 11:13 a.m. | 3 views

CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

CVSS 8.1 | AI score 6.9 | EPSS 0.00357
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:17 a.m. | 9 views

CVE-2025-1228

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1=LOGMonitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal...

CVSS 5.3 | AI score 6.9 | EPSS 0.00277
Exploits: 0 | References: 1
OSV
added 2025/12/30 5:2 p.m. | 0 views

OPENSUSE-SU-2025:20155-1 Security update for exim

This update for exim fixes the following issues: - CVE-2025-53881: Fixed a potential security issue with logfile rotation bsc1246457...

CVSS 6.9 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 2
Tenable Nessus
added 2025/12/13 12:0 a.m. | 1 views

openSUSE 16 Security Update : exim (openSUSE-SU-2025:20155-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:20155-1 advisory. - CVE-2025-53881: Fixed a potential security issue with logfile rotation bsc1246457 Tenable has extracted the preceding description block directly from...

CVSS 6.9 | AI score 5.5 | EPSS 0.00028
Exploits: 0 | References: 3
ATTACKERKB
added 2025/12/09 6:11 p.m. | 2 views

CVE-2025-34414

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP remoting channel with...

CVSS 9.3 | AI score 6.6 | EPSS 0.01272
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44510

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.4.2. Description: Nagios XI versions prior to 2024R1.4.2 have a remote code execution issue in the Business Process Intelligence BPI component. The issue is due to inadequate validation and sanitization of...

CVSS 9.4 | AI score 8 | EPSS 0.00993
Exploits: 0 | References: 6