CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/04/17 12:0 a.m.•4 views

SUSE SLED15 / SLES15 Security Update : kea (SUSE-SU-2026:1378-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1378-1 advisory. Update to release 2.6.5: A large number of bracket pairs in a JSON payload directed to any endpoint would result in a...

7.5CVSS5.8AI score0.0105EPSS

RedhatCVE•added 2026/04/07 11:1 p.m.•2 views

CVE-2026-35171

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

PyPA•added 2026/04/06 6:16 p.m.•8 views

PYSEC-2026-72

9.8CVSS6.6AI score0.00714EPSS

Exploits0References1Affected Software1

OSV•added 2026/04/06 6:16 p.m.•7 views

PYSEC-2026-72

9.8CVSS6.6AI score0.00714EPSS

NVD•added 2026/04/06 6:16 p.m.•4 views

CVE-2026-35171

9.8CVSS0.00714EPSS

CVE•added 2026/04/06 5:45 p.m.•10 views

CVE-2026-35171

Kedro prior to version 1.3.0 is vulnerable to remote code execution via unsafe use of logging.config.dictConfig() with user-controlled input. The logging config path can be set through the KEDRO_LOGGING_CONFIG environment variable and is loaded without validation. The schema allows the special ()...

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/06 5:45 p.m.•3 views

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

Cvelist•added 2026/04/06 5:45 p.m.•19 views

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

9.8CVSS0.00714EPSS

OSV•added 2026/04/03 3:48 a.m.•3 views

GHSA-9CQF-439C-J96R Kedro has Arbitrary Code Execution via Malicious Logging Configuration

Impact This is a critical remote code execution RCE vulnerability caused by unsafe use of logging.config.dictConfig with user-controlled input. Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging...

Github Security Blog•added 2026/04/03 3:48 a.m.•7 views

Kedro has Arbitrary Code Execution via Malicious Logging Configuration

Exploits0References4Affected Software1

CNNVD•added 2026/03/30 12:0 a.m.•3 views

HeidiSQL 安全漏洞

HeidiSQL is an open-source database management graphical interface tool developed by HeidiSQL. Version HeidiSQL 9.5.0.5196 contains a security vulnerability. This vulnerability stems from the file path field in the logging configuration file, which has a denial-of-service vulnerability. This coul...

6.9CVSS5.8AI score0.00206EPSS

Exploits1References4

RedhatCVE•added 2026/03/26 7:27 p.m.•6 views

CVE-2026-3112

A flaw was found in Mattermost. This vulnerability allows a system administrator to read arbitrary files on the host system. This is possible due to a failure to properly validate Advanced Logging file target paths, which can be exploited by providing a malicious AdvancedLoggingJSON configuration...

6.8CVSS5.9AI score0.00421EPSS

Exploits0References2

NVD•added 2026/03/22 2:16 p.m.•1 views

CVE-2019-25590

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...

6.9CVSS0.00166EPSS

Cvelist•added 2026/03/22 1:38 p.m.•22 views

CVE-2019-25590 Axessh 4.2 Denial of Service via Log File Name

6.9CVSS0.00166EPSS