46 matches found
CVE-2026-41495
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017771)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017771 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit...
EUVD-2026-16330
The API function ssh_get_hexa() is vulnerable when 0-length input is provided to this function. This function is used internally in ssh_get_fingerprint_hash() and ssh_print_hexa() (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used...
CVE-2026-0966
A flaw was found in libssh. The API function ssh_get_hexa() is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is se...
GHSA-9CP7-3Q5W-J92G parse-server: Malformed `$regex` query leaks database error details in API response
Impact: A malformed `$regex` query parameter (e.g. abc) causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerabilit...
EUVD-2022-34963
Malicious code in bioql PyPI...
CVE-2025-34183
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential...
Ilevia EVE X1 Server security vulnerability
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from a server-side logging mechanism that exposes clear-text credentials, which could lead to authenticati...
Linux Distros Unpatched Vulnerability : CVE-2021-35633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily...
PT-2025-28170
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.0.5; MongoDB Server versions prior to 7.0.18; MongoDB Server versions prior to 6.0.21. Description: An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server log...
CVE-2024-22276
VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged...
SUSE CVE-2021-35633
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
reactor-netty-http: Log request headers in some cases of invalid HTTP requests
A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
SUSE CVE-2018-3283
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
SUSE CVE-2022-21460
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
Information Disclosure
rh-mysql80-mysql is vulnerable to information disclosure. The vulnerability exists in the Server: Logging component, allowing an attacker to access critical data or complete access to all MySQL Server accessible data through the multiple protocol...
CVE-2022-39302
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...
CVE-2022-21460
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...