Lucene search
K

194 matches found

NVD
NVD
added 2026/07/01 6:16 p.m.5 views

CVE-2026-49091

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:21 p.m.18 views

CVE-2026-49091

CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...

8CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54770

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper output neutralization for logs allows for log injection. An attacker can provide specially crafted input that is written to log files without being properly neutralized. If these log...

8CVSS5.8AI score0.00201EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Ansible

A flaw in log output neutralization was discovered in Ansible when using the uri module. This flaw exposes sensitive data to content and JSON output. It allows attackers to access logs or outputs of executed tasks, thereby enabling them to read keys used in playbooks from other users within the u...

5.5CVSS6.8AI score0.00568EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.10 views

CVE-2026-42835

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...

8.1CVSS5.4AI score0.01259EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.22 views

Microsoft Teams for Android Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...

8.1CVSS5.4AI score0.01259EPSS
Exploits0
NVD
NVD
added 2026/06/04 11:17 p.m.26 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00732EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 8:24 a.m.10 views

Improper Output Neutralization for Logs

Overview org.webjars.npm:morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 7:41 a.m.6 views

SUSE-SU-2026:1937-1 Security update for python3

This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. - CVE-2026-4786: URLs...

9.1CVSS7.3AI score0.00579EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.10 views

CVE-2026-41109

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.00861EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.7 views

CVE-2026-33833

Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS5.8AI score0.00498EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.9 views

CVE-2026-33833

Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS0.00498EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:58 p.m.7 views

CVE-2026-41109

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.00861EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/07 10:16 p.m.11 views

CVE-2026-26164

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00799EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/07 2:0 p.m.8 views

M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00799EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.3 views

EulerOS Virtualization 2.12.1 : aide (EulerOS-SA-2026-1415)

According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability i...

6.2CVSS5.9AI score0.00216EPSS
Exploits2References3
Broadcom
Broadcom
added 2026/03/03 12:0 a.m.19 views

AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

6.2CVSS5.9AI score0.0021EPSS
Exploits1
Redos
Redos
added 2026/02/09 12:0 a.m.7 views

ROS-20260209-73-0017

PowerDNS Recursor DNS server vulnerability is related to failure to take measures to neutralize special elements in the output data. Exploitation of the vulnerability could allow a remote attacker to affect the integrity and availability of protected information...

8.2CVSS5.7AI score0.00266EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.6 views

EulerOS Virtualization 2.10.1 : aide (EulerOS-SA-2026-1102)

According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability...

6.2CVSS5.9AI score0.00216EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 8 : aide-0.16-15.el8_10.2 (AXSA:2025-10798:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10798:03 advisory. aide: improper output neutralization enables bypassing CVE-2025-54389 Tenable has extracted the preceding description block directly from the MiracleLinux...

6.2CVSS7.5AI score0.0021EPSS
Exploits1References2
Rows per page
Query Builder