16 matches found
Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.
The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...
CVE-2026-35452
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...
CVE-2026-1847
Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash...
EUVD-2022-3752
Malicious code in bioql PyPI...
CVE-2025-8701
A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OLOprationLog/GetPageList. The manipulation of the argument optUser leads to SQL injection. The attack may ...
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen...
ZKTeco ZKBioSecurity SQL injection vulnerability
ZKTeco ZKBioSecurity is a web-based all-in-one platform from ZKTeco China. A SQL injection vulnerability exists in ZKTeco ZKBioSecurity V5000 version 4.1.3, which stems from a lack of validation of external input SQL statements in component/baseOpLog.do. An attacker could exploit the vulnerability...
Cross-Site Scripting (XSS)
encore/laravel-admin is vulnerable to cross-site scripting (XSS). It is possible because it does not properly handle the "Operation Log" screen, allowing an attacker to inject arbitrary script through Slug or Name parameters on the Roles screen...
Code injection
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen...
CVE-2019-17433
Summary: CVE-2019-17433 affects z-song laravel-admin 1.7.3. An XSS vulnerability exists on the Roles screen (Slug/Name fields) due to mishandling on the “Operation log” screen. What’s affected: The Laravel-Admin UI component used for managing Roles in z-song’s laravel-admin package (version 1.7.3...
How to Collect XenServer Guest VM Operation Log
This article explains how to collect the XenServer guest VM operation log...