24 matches found
EUVD-2026-23400
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-6494 Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-6494
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-6494 Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-6494
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
PT-2026-33431
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-2404
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...
CVE-2026-2404
CVE-2026-2404 describes an input handling flaw (CWE-116) where improper encoding/escaping of output can lead to log injection and forged logs when an attacker alters the POST /j_security check request payload. The description confirms a network-exposed vector (AV:N) with no user interaction requi...
CVE-2026-2404
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...
PT-2026-32676
CVE-2026-2404 CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j security check re… https://t.co/siaii18DPZ...
BIT-FLUENT-BIT-2025-12977 CVE-2025-12977
Fluent Bit inhttp, insplunk, and inelasticsearch input plugins fail to sanitize tagkey inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tagkey values containing special characters such as newlines or ../ that are treated as valid tags...
CVE-2025-12969
Fluent Bit inforward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing...
AZL-71108 CVE-2025-12969 affecting package fluent-bit for versions less than 3.1.10-4
Fluent Bit inforward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing...
CVE-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...
CVE-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...
CVE-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...
CVE-2024-0095
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...
CVE-2024-0095
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...
CVE-2024-0095
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...
CVE-2024-0095 CVE
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...