Cisco IOS XE Software IOx Application Hosting Environment CRLF Injection (cisco-sa-iox-crlf-NvgKTKJZ)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return lin...

CVE-2026-6494

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...

CVE-2026-5301

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

CVE-2026-5301 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

CVE-2026-5301

This CVE affects CoolerControl/coolercontrol-ui prior to version 4.0.0, where a Stored XSS in the log viewer could be exploited by unauthenticated attackers via poisoned log entries. The root cause is unvalidated/sanitized user input rendered in log viewing functionality, enabling JavaScript exec...

EUVD-2026-19878

WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php...

CVE-2026-28862

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

EUVD-2026-15137

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

CVE-2026-28862

CVE-2026-28862 describes a privacy vulnerability in macOS where an app could access user-sensitive data due to insufficient private data redaction in log entries. The issue has been addressed in macOS updates: Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4. These fixes implement improved private d...

CVE-2026-28862

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

CVE-2026-4276

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries...

CVE-2026-4276 LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries...

CVE-2026-4276

CVE-2026-4276 — LibreChat RAG API 0.7.0 is affected by a log-injection vulnerability caused by improper sanitization of input written to system logs. An authenticated attacker can forge log entries by injecting CRLF characters into the file_id field of a POST request, compromising audit trails. R...

BIT-AIRFLOW-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

EUVD-2025-207547

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVE-2025-27555

CVE-2025-27555 concerns Apache Airflow prior to 2.11.1 where authenticated users with audit log access can see sensitive connection parameters logged by the system when set via the airflow CLI. The underlying issue is that these sensitive values were stored unencrypted in the Airflow database and...

CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVE-2025-12755

CVE-2025-12755 affects IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM-supplied MQ Advanced container images across SC2, CD, and LTS releases. The vulnerability is log injection through improper neutralization of log entries, enabling an attacker to inject data into MQ logs and pote...