
14 matches found

NVD
added 4 days ago, 11 views

CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9 CVSS, 0.00278 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/04/26 12:30 a.m., 3 views

CVE-2026-7011 MaxSite CMS Antispam Plugin plugin_antispam cross site scripting

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

4.8 CVSS, 3.2 AI score, 0.00269 EPSS
Exploits: 0, References: 7
EUVD
added 2026/04/26 12:30 a.m., 5 views

EUVD-2026-25685

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

4.8 CVSS, 3.2 AI score, 0.00269 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2026/03/26 12:0 a.m., 3 views

PT-2026-28421

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.11; Mattermost versions 11.2.x through 11.2.3; Mattermost versions 11.3.x through 11.3.1; Mattermost versions 11.4.x through 11.4.0. Description: The software does not properly validate file target paths fo...

6.8 CVSS, 5.9 AI score, 0.00421 EPSS
Exploits: 0, References: 4
OSV
added 2026/02/02 8:50 p.m., 3 views

GHSA-M7J5-R2P5-C39R picklescan vulnerable to arbitrary file create using logging.FileHandler

Summary: Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 5
Github Security Blog
added 2026/02/02 8:50 p.m., 10 views

picklescan vulnerable to arbitrary file create using logging.FileHandler

Summary: Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...

5.8 AI score
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/03/20 12:32 p.m., 7 views

GHSA-G5PG-73FC-HJWQ LiteLLM Reveals Portion of API Key via a Logging File

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

7.5 CVSS, 7.3 AI score, 0.00708 EPSS
Exploits: 1, References: 4
Veracode
added 2020/04/29 2:39 a.m., 27 views

Arbitrary Code Execution

liblouis is vulnerable to arbitrary code execution. The vulnerability exists through a segmentation fault in logging.c:loulogPrint...

8.8 CVSS, 4 AI score, 0.02576 EPSS
Exploits: 1, References: 7, Affected Software: 1
UbuntuCve
added 2019/12/05 7:15 p.m., 27 views

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...

5.5 CVSS, 6.1 AI score, 0.00464 EPSS
Exploits: 0, References: 2
CNVD
added 2018/05/31 12:0 a.m., 2 views

Liblouis Segmentation Error Vulnerability

Liblouis is an open-source Braille translator written in C. It is very easy to use. A security vulnerability exists in the loulogPrint of the logging.c file in Liblouis version 3.5.0. No details of the vulnerability are provided at this time...

8.8 CVSS, 8.5 AI score, 0.02576 EPSS
Exploits: 1, References: 1
Kitploit
added 2015/01/22 12:47 a.m., 18 views

Sysmon v2.0 - System Activity Monitor for Windows

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to...

7 AI score
Exploits: 0
Packet Storm
added 2010/11/26 12:0 a.m., 19 views

MemHT Portal 4.0.1 Cross Site Scripting

!/usr/bin/perl MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability user agent by ZonTa - zontahackersatgmaildotcom After successful inject wait for the admin to view statistic page. Fix is available : http://www.memht.com/news149MemHT-Portal-4-0-2.html use Getopt::Std; use...

7.4 AI score
Exploits: 0
Cvelist
added 2001/05/24 4:0 a.m., 18 views

CVE-2001-0403

/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI...

6.4 AI score, 0.00683 EPSS
Exploits: 0, References: 2
NVD
added 2000/12/19 5:0 a.m., 15 views

CVE-2000-0936

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world-readable permissions, which allows local users to read sensitive information such as user names and passwords...

2.1 CVSS, 5.8 AI score, 0.01124 EPSS
Exploits: 1, References: 3