32 matches found
CVE-2025-41429
CVE-2025-41429 affects a-blog CMS across multiple versions, where improper log neutralization is cited as the underlying issue. The entry notes that exploitation in combination with CVE-2025-36560 could allow a remote unauthenticated attacker to hijack a legitimate user’s session. Connected sourc...
PT-2025-21221 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions affected versions not specified Description: The issue is related to improper neutralization of logs. A remote unauthenticated attacker may hijack a legitimate user's session if the vulnerability is exploited...
IBM Concert Input Validation Error Vulnerability (CNVD-2025-02547)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An input validation error vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from incorrect log...
CVE-2024-52891
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization...
CVE-2024-8297
Summary: CVE-2024-8297 affects kitsada8621 Digital Library Management System v1.0. The vulnerability lies in the function JwtRefreshAuth within middleware/jwt_refresh_token_middleware.go , where manipulation of the Authorization parameter leads to improper output neutralization for logs. This iss...
PYSEC-2024-271
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
CVE-2024-0987 Sichuan Yougou Technology KuERP log neutralization for logs
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The...
EcoStruxure Geo SCADA Expert 安全漏洞
EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable Supervisory Control and Data Acquisition SCADA software. A security vulnerability exists in EcoStruxure Geo SCADA Expert that stems from an improper output neutralization issue with the device's logs, which can lead to incorrec...
PT-2023-10190 · Cisco · Opendns Openresolve
Name of the Vulnerable Software and Affected Versions: OpenDNS OpenResolve affected versions not specified Description: A problematic vulnerability has been found in OpenDNS OpenResolve, affecting an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output...
PT-2022-25520 · Codeboxr · Codeboxr Cbx User Online & Last Login Plugin
Name of the Vulnerable Software and Affected Versions: codeboxr CBX User Online & Last Login Plugin affected versions not specified Description: A vulnerability was found in the codeboxr CBX User Online & Last Login Plugin, affecting the HTTP Header Handler component. The manipulation of the...
CVE-2022-22151
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions fr...