Lucene search
K

9146 matches found

RedHat Linux
RedHat Linux
added 3 days ago6 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS5.9AI score0.00437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago4 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-56081

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...

5.4CVSS6AI score0.00314EPSS
Exploits0References9
NVD
NVD
added 6 days ago9 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
CVE
CVE
added 6 days ago16 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41484

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 6 days ago7 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added last week14 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
Cvelist
Cvelist
added last week58 views

CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 9:16 a.m.8 views

CVE-2026-8147

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

8.1CVSS0.00348EPSS
Exploits1References2
OSV
OSV
added 2026/07/02 7:7 a.m.2 views

OPENSUSE-SU-2026:21208-1 Security update for cockpit

This update for cockpit fixes the following issue - CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI bsc1265040...

8CVSS7.2AI score0.01016EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values

A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information...

7.5CVSS7AI score0.01177EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55275

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Fiber versions prior to 2.52.14 Description The BalancerForward proxy helper in middleware/proxy/proxy.go uses the Header.Add function instead of Header.Set when injecting the X-Real-IP header. This behavior appen...

5.3CVSS6AI score
Exploits0References10
Cvelist
Cvelist
added 2026/07/01 6:10 p.m.38 views

CVE-2026-53489 containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:10 p.m.37 views

CVE-2026-53489

CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 6:10 p.m.7 views

CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS5.9AI score0.00208EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/07/01 6:10 p.m.7 views

CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS5.9AI score0.00208EPSS
Exploits0
CVE
CVE
added 2026/07/01 5:21 p.m.15 views

CVE-2026-49091

CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...

8CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:59 p.m.11 views

CVE-2026-49088

Kibana security advisory CVE-2026-49088 describes that when optional APM instrumentation is enabled, sensitive request header values may be logged in application logs, risking information disclosure (CWE-532). Affected versions include Kibana 8.x up to 8.18.8, 8.19.0–8.19.5, and 9.x 9.0.0–9.0.7, ...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder