4 matches found
CVE-2026-6494
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-4276
CVE-2026-4276 — LibreChat RAG API 0.7.0 is affected by a log-injection vulnerability caused by improper sanitization of input written to system logs. An authenticated attacker can forge log entries by injecting CRLF characters into the file_id field of a POST request, compromising audit trails. R...
flask-cors 安全漏洞
Flask-CORS is a cross-origin resource sharing component for Flask. A security vulnerability exists in flask-cors, which stems from improper neutralization of log output, allowing an attacker to corrupt log files, potentially masking the trail of other attacks, obfuscating log processing tools, an...
Flask-CORS 安全漏洞
Flask-CORS is a cross-origin resource sharing component for Flask. A security vulnerability exists in Flask-CORS that stems from a vulnerability to a log injection attack when the log level is set to debug, which can be exploited by an attacker to send a specially crafted GET request that contain...