Lucene search
K

1668 matches found

Nuclei
Nuclei
added 6 hours ago109 views

D-Link DIR-3040 1.13B03 - Information Disclosure

D-Link DIR-3040 1.13B03 is susceptible to information disclosure in the Syslog functionality. A specially crafted HTTP network request can lead to the disclosure of sensitive information. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute...

6.5CVSS6.7AI score0.36486EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 5 days ago5 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.4AI score0.00831EPSS
Exploits0References9
NVD
NVD
added 6 days ago8 views

CVE-2026-24698

An OS command injection vulnerability exists in the savesyslogtofile function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The modelname configuration parameter is not properly sanitized, which could allow an authenticated...

7.2CVSS0.00957EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-24698

CVE-2026-24698 concerns an OS command injection in the Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8) devices. The vulnerability exists in the save_syslog_to_file() function of the Cisco httpd binary, where the model_name configuration parameter is not properly san...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Fedora 45 : rust-fern / rust-ifcfg-devname / rust-routinator / rust-rpki / etc (2026-188f731254)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-188f731254 advisory. Update routinator to the latest, pulling in updated dependencies rpki and syslog, and switch fern to using syslog 7 instead of 6 for this update, an...

9.3CVSS6.7AI score0.00549EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 8:38 a.m.31 views

CVE-2026-53131

In CVE-2026-53131, multiple netfilter-related paths in the Linux kernel (including ip6t_eui64, xt_mac, and several ipset types) could access Ethernet MAC header data via eth_hdr(skb) without first verifying that the skb is associated with an Ethernet device or that the MAC header is present and l...

9.4CVSS5.7AI score0.00431EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52227

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the netfilter component, several modules access the eth hdrskb function without properly verifying that the socket buffer skb is associated with an Ethernet device or that a valid MAC...

9.4CVSS6.1AI score0.00431EPSS
Exploits0References21
OSV
OSV
added 2026/06/22 10:38 p.m.9 views

MAL-2026-6274 Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/15 2:45 a.m.10 views

CVE-2026-12211 Intelbras iNVU 7016 FT Web syslog path traversal

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS4.4AI score0.00372EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/15 2:45 a.m.42 views

CVE-2026-12211 Intelbras iNVU 7016 FT Web syslog path traversal

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS0.00372EPSS
Exploits0References6
CVE
CVE
added 2026/06/15 2:45 a.m.26 views

CVE-2026-12211

Intelbras iNVU 7016 FT (3.004.00IB000.0.T, build 2025-09-26) Web Interface contains a path traversal vulnerability in the /RPC2_Loadfile/syslog/ function. The flaw can be exploited remotely to manipulate files; exploit code has been published. A fixed version has been released by the vendor and u...

5.1CVSS4.6AI score0.00372EPSS
Exploits0References6
NVD
NVD
added 2026/06/13 3:16 a.m.19 views

CVE-2026-54231

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS0.00116EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/13 2:34 a.m.7 views

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-54231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log...

5.5CVSS5.6AI score0.00116EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.15 views

CVE-2026-6025

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

10CVSS7.5AI score0.03EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.11 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.6AI score0.00831EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:15 a.m.12 views

CVE-2026-10159

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument currentpage causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been mad...

9CVSS7.9AI score0.00463EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/27 7:53 a.m.30 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43594

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00295EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 2:52 p.m.18 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...

7.5CVSS5.8AI score0.0086EPSS
Exploits1Affected Software2
Rows per page
Query Builder