CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

154 matches found

OSV•added 2026/05/27 9:13 p.m.•2 views

GHSA-M7V2-7GXM-VC2V Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Description Symfony\Bridge\Monolog\Command\ServerLogCommand the server:log console command is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP...

9.3CVSS6.4AI score

Exploits0References6

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-44145

Name of the Vulnerable Software and Affected Versions symfony/monolog-bridge versions prior to 5.4.52 symfony/monolog-bridge versions prior to 6.4.40 symfony/monolog-bridge versions prior to 7.4.12 symfony/monolog-bridge versions prior to 8.0.12 symfony/symfony versions prior to 5.4.52...

9.3CVSS6.5AI score

Exploits0References8

Snyk•added 2026/05/20 3:35 p.m.•7 views

Deserialization of Untrusted Data

Overview symfony/monolog-bridge is a Provides integration for Monolog with various Symfony components Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of network input in Symfony\Bridge\Monolog\Command\ServerLogCommand. An attacker can...

9.8CVSS6.4AI score

Exploits0References2

ATTACKERKB•added 2026/05/13 12:8 a.m.•3 views

CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

4.8CVSS5.8AI score0.00032EPSS

Exploits0References2Affected Software1

Fedora•added 2026/04/25 1:56 a.m.•2 views

[SECURITY] Fedora 44 Update: awstats-8.0-4.fc44

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

7.8CVSS5.3AI score0.0007EPSS

Exploits1

Patchstack•added 2026/02/11 11:56 p.m.•2 views

WordPress WP Server Log Viewer <= 1.0 - Stored Cross Site Scripting vulnerability

Stored Cross Site Scripting vulnerability discovered by strider in WordPress Plugin WP Server Log Viewer versions = 1.0...

6.4CVSS5.4AI score0.00043EPSS

Exploits0References1Affected Software1

NVD•added 2026/02/11 3:16 p.m.•2 views

CVE-2019-25315

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...

6.4CVSS0.00043EPSS

Exploits0References3

ATTACKERKB•added 2026/02/11 2:56 p.m.•2 views

CVE-2019-25315

6.4CVSS5.1AI score0.00043EPSS

Exploits0References3Affected Software1

CVE•added 2026/02/11 2:56 p.m.•7 views

CVE-2019-25315

The CVE concerns WordPress Server Log Viewer 1.0, where a persistent XSS vulnerability exists through unfiltered log file paths. Attackers can create log files containing embedded XSS payloads that execute when viewed in the WordPress admin interface. The description provides CVSSv3.1/4.0 metrics...

6.4CVSS5.1AI score0.00043EPSS

Exploits0References3

Vulnrichment•added 2026/02/11 2:56 p.m.•3 views

CVE-2019-25315 WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

6.4CVSS5.1AI score0.00043EPSS

Exploits0References3

CNNVD•added 2026/02/11 12:0 a.m.•2 views

WordPress plugin Server Log Viewer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00043EPSS

Exploits0References3

RedhatCVE•added 2026/01/07 9:18 a.m.•10 views

CVE-2025-1973

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrar...

4.9CVSS6.8AI score0.0018EPSS

Exploits0References1

Veracode•added 2025/11/10 8:50 a.m.•4 views

Path Traversal

mllogger is vulnerable to path traversal. the vulnerability is due to manipulation of the File argument in the loghandler function of mllogger/server.py, which allows an attacker to perform path traversal to read, create, or overwrite files remotely...

7.5CVSS7.3AI score0.00068EPSS

Exploits0References6Affected Software1

Veracode•added 2025/11/10 6:21 a.m.•3 views

Deserialization Of Untrusted Data

mllogger is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to manipulation of the loghandler argument data in mllogger/server.py, which triggers unsafe deserialization and allows a remote attacker to supply crafted input that can lead to arbitrary code execution or othe...

6.5CVSS7AI score0.00089EPSS

Exploits0References6Affected Software1