| CVE-2025-53106 |
unknown |
— |
— |
|
|
|
11mo ago |
Graylog vulnerable to privilege escalation through API tokens |
| CVE-2025-46827 |
unknown |
— |
— |
|
|
|
1y ago |
Graylog Allows Session Takeover via Insufficient HTML Sanitization |
| CVE-2025-30373 |
unknown |
— |
— |
|
|
|
1y ago |
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value |
| CVE-2024-24823 |
unknown |
— |
— |
|
|
|
2y ago |
Graylog session fixation vulnerability through cookie injection |
| CVE-2024-24824 |
unknown |
— |
— |
|
|
|
2y ago |
Graylog vulnerable to instantiation of arbitrary classes triggered by API request |
| CVE-2023-41044 |
unknown |
— |
— |
|
|
|
3y ago |
Graylog server has partial path traversal vulnerability in Support Bundle feature |
| CVE-2023-41045 |
unknown |
— |
— |
|
|
|
3y ago |
Graylog vulnerable to insecure source port usage for DNS queries |
| CVE-2023-41041 |
unknown |
— |
— |
|
|
|
3y ago |
Graylog user session is still usable after logout |
| CVE-2018-11650 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Graylog Server |
| CVE-2018-11651 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Graylog |
| CVE-2018-14380 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Graylog Server |