Graylog2 Graylog2-server
9 CVEs affecting Graylog2 Graylog2-server. Latest disclosed: 2025-07-02. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-53106 | High | 8.8 | 2025-07-02 | Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated p… |
| CVE-2024-24824 | High | 8.8 | 2024-02-07 | Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and insta… |
| CVE-2025-46827 | High | 8.0 | 2025-05-07 | Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an… |
| CVE-2025-30373 | Medium | 6.5 | 2025-04-07 | Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specif… |
| CVE-2024-52506 | Medium | 6.5 | 2024-11-18 | Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboar… |
| CVE-2024-24823 | Medium | 5.7 | 2024-02-07 | Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session… |
| CVE-2023-41045 | Low | 3.7 | 2023-08-31 | Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoin… |
| CVE-2023-41044 | Low | 3.3 | 2023-08-31 | Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is c… |
| CVE-2023-41041 | Low | 2.6 | 2023-08-30 | Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used f… |