📦 Graylog

by Graylog

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2021-37759

CRITICAL CVSS 9.8 Jul 31, 2021

This vulnerability allows attackers to steal session IDs from Graylog DEBUG log files, enabling them to impersonate legitimate users and gain their access privileges. All Graylog installations before ...

CVE-2025-53106

HIGH CVSS 8.8 Jul 2, 2025

Graylog users can create API tokens for any user, including administrators, by exploiting weak permission checks in the REST API. This allows privilege escalation from any authenticated user account t...

CVE-2024-24824

HIGH CVSS 8.8 Feb 7, 2024

This vulnerability in Graylog allows authenticated users with appropriate permissions to load and instantiate arbitrary Java classes via HTTP PUT requests to the cluster config endpoint. This can lead...

CVE-2026-1438

MEDIUM CVSS 6.1 Feb 18, 2026

A reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface version 2.2.3 allows attackers to inject and execute arbitrary JavaScript code via specially crafted URLs. This affects Gr...

CVE-2026-1440

MEDIUM CVSS 6.1 Feb 18, 2026

A reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface version 2.2.3 allows attackers to inject malicious JavaScript via specially crafted URLs. When users visit these URLs, arb...

CVE-2026-1436

MEDIUM CVSS 6.5 Feb 18, 2026

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Graylog API version 2.2.3 where authenticated users can modify user IDs in API URLs to access other users' profiles witho...

CVE-2024-52506

MEDIUM CVSS 6.5 Nov 18, 2024

This vulnerability in Graylog's reporting functionality allows authorized users to potentially access other users' reports when multiple concurrent report rendering requests occur. This could leak log...