Lucene search
+L

8719 matches found

cvelist
cvelist
added 2 days ago39 views

CVE-2026-5270 Authentication Bypass in Navigator and Blue Planet Products

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...

0.00217EPSS
Exploits0References1
cve
cve
added 2 days ago16 views

CVE-2026-5270

Technical details (affected product versions, components, root cause, exploitability, and fixes) are not publicly provided in the supplied documents. Monitor for updates from official sources (NVD, ENISA EUVD, CVE listings) for concrete mitigation guidance.

9.8CVSS6.1AI score0.00217EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-50502

Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...

8CVSS0.00613EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-34348

Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network...

6.5CVSS0.00714EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago4 views

CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability

...

8CVSS6.1AI score0.00613EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-50502

CVE-2026-50502 corresponds to a Windows Event Logging Service remote code execution vulnerability. The issue is described as insufficient granularity of access control in the Event Logging Service, enabling an authenticated, network-accessing attacker to run code on the vulnerable system. For con...

8CVSS6.2AI score0.00613EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago32 views

CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability

...

8CVSS0.00613EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-34348

CVE-2026-34348 affects the Windows Event Logging Service. The issue is a protection mechanism failure that can allow an authorized attacker to disclose information over a network. According to the available records, the exploit surface is network-based with low privileges required and no user int...

6.5CVSS6.1AI score0.00714EPSS
Exploits0References1Affected Software10
cvelist
cvelist
added 2 days ago27 views

CVE-2026-34348 Windows Event Logging Service Information Disclosure Vulnerability

...

6.5CVSS0.00714EPSS
Exploits0References1
mscve
mscve
added 2 days ago4 views

Windows Event Logging Service Remote Code Execution Vulnerability

Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...

8CVSS6.2AI score0.00613EPSS
Exploits0
mscve
mscve
added 2 days ago6 views

Windows Event Logging Service Information Disclosure Vulnerability

Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network...

6.5CVSS6.1AI score0.00714EPSS
Exploits0
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-58476

Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description Insufficient granularity of access control in the Windows Event Logging Service allows an authorized attacker to execute arbitrary code over a network. Recommendations A...

8CVSS6.4AI score0.00613EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58117

Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description A protection mechanism failure in the Windows Event Logging Service allows an authorized attacker to disclose information over a network. Recommendations Install the Jul...

6.5CVSS6.1AI score0.00714EPSS
Exploits0References3
vulnrichment
vulnrichment
added 3 days ago4 views

CVE-2026-22098 Sensitive information is written to logs

Various sensitive information such as passwords and charging card UIDs are written to log files...

9.2CVSS6.1AI score0.00332EPSS
Exploits0References1
cve
cve
added 3 days ago10 views

CVE-2026-15574

The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...

7.5CVSS6AI score0.00259EPSS
Exploits0References2
redhatcve
redhatcve
added 3 days ago8 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
osv
osv
added 5 days ago2 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References4
nessus
nessus
added 6 days ago11 views

Kibana 8.x < 8.18.9 / 8.19.x < 8.19.6 / 9.0.x < 9.0.8 / 9.1.x < 9.1.6 Information Disclosure (ESA-2026-50)

The version of Kibana installed on the remote host is 8.x prior to 8.18.9, 8.19.x prior to 8.19.6, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.6. It is, therefore, affected by an information disclosure vulnerability: - Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to...

4.4CVSS6.1AI score0.00211EPSS
Exploits0References2
redhat
redhat
added 2026/07/09 3:29 p.m.4 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
osv
osv
added 2026/07/09 1:16 p.m.2 views

SUSE-RU-2026:2816-1 Recommended update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build, python-google-cloud-compute, python-google-cloud-core, python-google-cloud-dns, python-google-cloud-domains, python-google-cloud-iam, python-google-cloud-kms, python-google-cloud-kms-inventory, python-google-cloud-logging, python-google-cloud-run, python-google-cloud-secret-manager, python-google-cloud-service-directory, python-google-cloud-spanner, python-google-cloud-storage, python-google-cloud-vpc-access, python-google-crc32c, python-google-resumable-media, python-googleapis-common-protos, python-grpc-google-iam-v1, python-grpc-interceptor, python-mmh3, python-mypy, python-opentelemetry-resourcedetector-gcp, python-poetry-core, python-proto-plus, python-pytest-asyncio, python-syrupy, python-typed-ast, python-uritemplate, python-dnspython, python-trio, python-websocket-client

This update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build,...

7CVSS6.8AI score0.01857EPSS
Exploits1References4
Rows per page
Query Builder