Lucene search
K

3280 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/03 10:40 a.m.15 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:40 a.m.13 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/03 10:39 a.m.9 views

CVE-2026-35079 Arbitrary file delete vulnerability in method ugw-restore

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:39 a.m.6 views

CVE-2026-35079

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 10:39 a.m.15 views

EUVD-2026-34074

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:39 a.m.7 views

CVE-2026-35077

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 10:38 a.m.45 views

CVE-2026-35076 Arbitrary file delete vulnerability in method bac-scanresult

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 10:38 a.m.9 views

CVE-2026-35076 Arbitrary file delete vulnerability in method bac-scanresult

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 8:24 a.m.10 views

Improper Output Neutralization for Logs

Overview org.webjars.npm:morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 8:24 a.m.9 views

Improper Output Neutralization for Logs

Overview morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log stream without...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/06/03 8:16 a.m.12 views

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 8:16 a.m.12 views

UBUNTU-CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/06/03 5:56 a.m.35 views

CVE-2026-5078

CVE-2026-5078 affects the morgan logging middleware; versions 1.2.0 through 1.10.1 write the Basic auth username from the Authorization header into logs without neutralizing CR/LF control characters, enabling log forgery. Affected formats include built-in combined, common, default, short, and any...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/03 5:56 a.m.48 views

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/03 5:56 a.m.13 views

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 5:56 a.m.6 views

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-45920

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ugw-restore method contains a flaw where insufficient validation of user-controlled input allows a remote attacker with user privileges to delete arbitrary...

8.1CVSS6.1AI score0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.21 views

PT-2026-45922

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes. This is caused by insufficient validation of user-supplied...

8.1CVSS6.1AI score0.0037EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.21 views

PT-2026-45918

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files. This occurs because the system does not sufficiently...

8.1CVSS6AI score0.0037EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

morgan 安全漏洞

Morgan is an open-source HTTP request logging middleware developed by ExpressJS. Versions 1.2.0 to 1.10.1 of Morgan contain security vulnerabilities. These vulnerabilities stem from the remoteuser token not being escaped with control characters, which may lead to log manipulation...

5.3CVSS5.3AI score0.00246EPSS
Exploits0References2
Rows per page
Query Builder