
30 matches found

Tenable Nessus
added 2026/04/15 12:00 a.m., 6 views

Schneider Electric PowerChute Serial Shutdown < 1.5 Multiple Vulnerabilities (SEVD-2026-104-01)

The version of Schneider Electric PowerChute Serial Shutdown installed on the remote host is prior to 1.5. It is, therefore, affected by multiple vulnerabilities, including: - An improper limitation of a pathname to a restricted directory vulnerability exists that could cause critical files to be...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00066
Exploits: 0, References: 8

EUVD
added 2026/03/16 6:32 p.m., 3 views

EUVD-2026-12454

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries...

AI score: 5.8, EPSS: 0.00141
Exploits: 0, References: 3

RedhatCVE
added 2026/02/18 7:30 p.m., 3 views

CVE-2025-12755

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

CVSS: 4, AI score: 5.5, EPSS: 0.00017
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:33 a.m., 6 views

CVE-2019-7351

Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00252
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-26490

Malware in sbrugna...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00241
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-20029

Malware in sbrugna...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00044
Exploits: 0, References: 4

OSV
added 2025/07/30 1:18 p.m., 2 views

GHSA-3WWM-HJV7-23R3 Pyload log Injection via API /json/add_package in add_name parameter

Summary A log injection vulnerability was identified in pyload in API /json/addpackage. This vulnerability allows user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when creating new package using API...

CVSS: 4.3, AI score: 7.3
Exploits: 0, References: 3

OpenVAS
added 2025/07/24 12:00 a.m., 1 view

Ubuntu: Security Advisory (USN-7366-2)

The remote host is missing an update for the...

CVSS: 7.5, AI score: 7.2, EPSS: 0.01406
Exploits: 1, References: 2

OSV
added 2025/06/13 1:55 p.m., 3 views

SUSE-SU-2025:01952-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-48432: log injection or forgery due to unescaped control characters being added into logs bsc1244095...

CVSS: 5.3, AI score: 7.9, EPSS: 0.00411
Exploits: 0, References: 3

OpenVAS
added 2025/06/05 12:00 a.m., 2 views

Django 4.x < 4.2.22, 5.0.x < 5.1.10, 5.2.x < 5.2.2 Log Injection Vulnerability - Linux

Django is prone to a log injection vulnerability...

CVSS: 5.3, AI score: 7.8, EPSS: 0.00411
Exploits: 0, References: 1

Debian CVE
added 2025/06/05 12:00 a.m., 11 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 5.3, AI score: 7.7, EPSS: 0.00411
Exploits: 0

OpenVAS
added 2025/06/05 12:00 a.m., 6 views

Ubuntu: Security Advisory (USN-7555-1)

The remote host is missing an update for the...

CVSS: 5.3, AI score: 8.1, EPSS: 0.00411
Exploits: 0, References: 2

Cvelist
added 2025/05/22 6:20 p.m., 9 views

CVE-2024-13950 Log Injection

Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS: 6.9, EPSS: 0.00215
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:19 a.m., 2 views

CVE-2018-16386

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...

CVSS: 7.5, AI score: 7, EPSS: 0.00237
Exploits: 0, References: 1

Veracode
added 2025/03/10 12:18 p.m., 5 views

Log Injection

Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00668
Exploits: 0, References: 8, Affected Software: 1

NVD
added 2025/03/06 7:15 p.m., 9 views

CVE-2025-25294

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...

CVSS: 5.3, EPSS: 0.00274
Exploits: 0, References: 2

RedHat Linux
added 2025/03/05 1:15 p.m., 11 views

Moderate: Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.12

Logging for Red Hat OpenShift - 5.9.12 logging-fluentd-container: Possible Log Injection in Rack::CommonLogger openshift-logging-5.9...

CVSS: 7.1, AI score: 7, EPSS: 0.01406
Exploits: 1, References: 1

CVE
added 2025/03/04 3:26 p.m., 2013 views

CVE-2025-27111

Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00668
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2025/03/04 3:26 p.m., 14 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS: 6.9, EPSS: 0.00668
Exploits: 0, References: 4

RubySec
added 2025/02/12 12:00 a.m., 19 views

Possible Log Injection in Rack::CommonLogger

Summary Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. Details When a user provides the authorization credentials via Rack::Auth::Basic, if success,...

CVSS: 7.1, AI score: 6.6, EPSS: 0.01406
Exploits: 1, References: 1, Affected Software: 1