| CVE-2025-53106 |
unknown |
— |
— |
11mo ago |
Graylog vulnerable to privilege escalation through API tokens |
|
| CVE-2025-46827 |
unknown |
— |
— |
1y ago |
Graylog Allows Session Takeover via Insufficient HTML Sanitization |
|
| CVE-2025-30373 |
unknown |
— |
— |
1y ago |
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value |
|
| CVE-2024-24823 |
unknown |
— |
— |
2y ago |
Graylog session fixation vulnerability through cookie injection |
|
| CVE-2024-24824 |
unknown |
— |
— |
2y ago |
Graylog vulnerable to instantiation of arbitrary classes triggered by API request |
|
| CVE-2023-41044 |
unknown |
— |
— |
3y ago |
Graylog server has partial path traversal vulnerability in Support Bundle feature |
|
| CVE-2023-41045 |
unknown |
— |
— |
3y ago |
Graylog vulnerable to insecure source port usage for DNS queries |
|
| CVE-2023-41041 |
unknown |
— |
— |
3y ago |
Graylog user session is still usable after logout |
|
| CVE-2018-11650 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in Graylog Server |
|
| CVE-2018-11651 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in Graylog |
|
| CVE-2018-14380 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in Graylog Server |
|