4 matches found
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
PT-2025-41008
Name of the Vulnerable Software and Affected Versions CubeAPM version nightly-2025-08-01-1 Description The software allows unauthenticated attackers to inject arbitrary log entries into production systems. This is possible through the /api/logs/insert/elasticsearch/ bulk API endpoint, which accep...
EUVD-2025-32855
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...