8719 matches found
CVE-2026-5270 Authentication Bypass in Navigator and Blue Planet Products
An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...
CVE-2026-5270
Technical details (affected product versions, components, root cause, exploitability, and fixes) are not publicly provided in the supplied documents. Monitor for updates from official sources (NVD, ENISA EUVD, CVE listings) for concrete mitigation guidance.
CVE-2026-50502
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...
CVE-2026-34348
Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network...
CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability
...
CVE-2026-50502
CVE-2026-50502 corresponds to a Windows Event Logging Service remote code execution vulnerability. The issue is described as insufficient granularity of access control in the Event Logging Service, enabling an authenticated, network-accessing attacker to run code on the vulnerable system. For con...
CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability
...
CVE-2026-34348
CVE-2026-34348 affects the Windows Event Logging Service. The issue is a protection mechanism failure that can allow an authorized attacker to disclose information over a network. According to the available records, the exploit surface is network-based with low privileges required and no user int...
CVE-2026-34348 Windows Event Logging Service Information Disclosure Vulnerability
...
Windows Event Logging Service Remote Code Execution Vulnerability
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...
Windows Event Logging Service Information Disclosure Vulnerability
Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network...
PT-2026-58476
Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description Insufficient granularity of access control in the Windows Event Logging Service allows an authorized attacker to execute arbitrary code over a network. Recommendations A...
PT-2026-58117
Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description A protection mechanism failure in the Windows Event Logging Service allows an authorized attacker to disclose information over a network. Recommendations Install the Jul...
CVE-2026-22098 Sensitive information is written to logs
Various sensitive information such as passwords and charging card UIDs are written to log files...
CVE-2026-15574
The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...
CVE-2026-15574
A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...
CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass
PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...
Kibana 8.x < 8.18.9 / 8.19.x < 8.19.6 / 9.0.x < 9.0.8 / 9.1.x < 9.1.6 Information Disclosure (ESA-2026-50)
The version of Kibana installed on the remote host is 8.x prior to 8.18.9, 8.19.x prior to 8.19.6, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.6. It is, therefore, affected by an information disclosure vulnerability: - Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to...
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...
SUSE-RU-2026:2816-1 Recommended update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build, python-google-cloud-compute, python-google-cloud-core, python-google-cloud-dns, python-google-cloud-domains, python-google-cloud-iam, python-google-cloud-kms, python-google-cloud-kms-inventory, python-google-cloud-logging, python-google-cloud-run, python-google-cloud-secret-manager, python-google-cloud-service-directory, python-google-cloud-spanner, python-google-cloud-storage, python-google-cloud-vpc-access, python-google-crc32c, python-google-resumable-media, python-googleapis-common-protos, python-grpc-google-iam-v1, python-grpc-interceptor, python-mmh3, python-mypy, python-opentelemetry-resourcedetector-gcp, python-poetry-core, python-proto-plus, python-pytest-asyncio, python-syrupy, python-typed-ast, python-uritemplate, python-dnspython, python-trio, python-websocket-client
This update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build,...