Lucene search
K

4 matches found

NVD
NVD
added 2026/04/17 9:16 a.m.5 views

CVE-2026-6494

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...

5.3CVSS0.00314EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 3:31 p.m.18 views

CVE-2026-4276

CVE-2026-4276 — LibreChat RAG API 0.7.0 is affected by a log-injection vulnerability caused by improper sanitization of input written to system logs. An authenticated attacker can forge log entries by injecting CRLF characters into the file_id field of a POST request, compromising audit trails. R...

7.5CVSS5.8AI score0.00277EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/04/22 12:0 a.m.4 views

flask-cors 安全漏洞

Flask-CORS is a cross-origin resource sharing component for Flask. A security vulnerability exists in flask-cors, which stems from improper neutralization of log output, allowing an attacker to corrupt log files, potentially masking the trail of other attacks, obfuscating log processing tools, an...

4.3CVSS6.8AI score0.00352EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.6 views

Flask-CORS 安全漏洞

Flask-CORS is a cross-origin resource sharing component for Flask. A security vulnerability exists in Flask-CORS that stems from a vulnerability to a log injection attack when the log level is set to debug, which can be exploited by an attacker to send a specially crafted GET request that contain...

5.3CVSS6AI score0.00574EPSS
Exploits1References2
Rows per page
Query Builder