CVE-2026-29197

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

CVE-2026-6542

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

CVE-2026-2712

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

EUVD-2026-31779

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

CVE-2026-25690

CVE-2026-25690 affects Fortinet FortiDeceptor 6.0.0–6.0.2, 5.3.0–5.3.3, 5.2.0–5.2.1, and all 5.1/5.0 versions. It results from improper neutralization of argument delimiters in a command (argument injection). An authenticated attacker with at least read-only admin privileges can read log files vi...

EUVD-2026-29485

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

Astra Linux – Vulnerability in the supervisor

In Supervisor version 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer confirmed that the affected component, inethttpserver, is not enabled by default. However, if the user enables it and does not set a password, Supervisor will log a warning message...

CVE-2026-6542

IBM Langflow OSS 1.0.0–1.8.4 is vulnerable to an authorization bypass in the Monitor API: any authenticated user can supply a flow_id to read another user’s transaction logs and vertex build data, and can delete persisted vertex build data for another user’s flow. Root cause cited as missing owne...

CVE-2026-29197

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

CVE-2026-29197

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

CVE-2026-2712

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

CVE-2026-2712

The connected document identifies CVE-2026-2712-related risk in WordPress WP-Optimize plugin, specifically versions <= 4.5.0. The vulnerability is described as Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation, meaning an authenticated user with...

GHSA-J6F6-JP3P-53MW Juju: Read All Controller Logs From Compromised Workload

Summary It is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. There is a debug log endpoint in the API server that allows streaming of logs off of the controller. To access this endpoint you must be authenticatio...

CVE-2025-68152 Juju: Read All Controller Logs From Compromised Workload

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

EUVD-2026-10462

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

CVE-2026-23742

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...

CVE-2023-25687

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602...

PT-2025-50117

Name of the Vulnerable Software and Affected Versions Fortinet FortiAuthenticator versions 6.3 through 6.6.6 Fortinet FortiAuthenticator version 6.5 Fortinet FortiAuthenticator version 6.4 Fortinet FortiAuthenticator version 6.6.0 through 6.6.6 Description An authenticated attacker with sponsor...