189 matches found
CVE-2026-47644
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
Improper Output Neutralization for Logs
Overview: org.webjars.npm:morgan is an HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...
SUSE-SU-2026:1937-1 Security update for python3
This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. - CVE-2026-4786: URLs...
CVE-2026-41109
Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-33833
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-26164
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
Astra Linux - vulnerability in ansible
A flaw in log handling was discovered in Ansible when using the uri module, which exposes sensitive data to content and json output. This flaw allows attackers to access logs or outputs of executed tasks, thereby enabling them to read keys used in playbooks from other users within the uri module...
EulerOS Virtualization 2.12.1 : aide (EulerOS-SA-2026-1415)
According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability i...
AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...
ROS-20260209-73-0017
A vulnerability in the PowerDNS Recursor DNS server is related to a failure to neutralize special elements in output data. Exploitation of the vulnerability could allow a remote attacker to affect the integrity and availability of protected information...
EulerOS Virtualization 2.10.1 : aide (EulerOS-SA-2026-1102)
According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability...
MiracleLinux 8 : aide-0.16-15.el8_10.2 (AXSA:2025-10798:03)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10798:03 advisory. aide: improper output neutralization enables bypassing CVE-2025-54389 Tenable has extracted the preceding description block directly from the MiracleLinux...
RHEL 8 : aide (RHSA-2025:14980)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14980 advisory. Advanced Intrusion Detection Environment AIDE is a utility that creates a database of files on the system, and then uses that database to ensure fil...
RHEL 8 : aide (RHSA-2025:14981)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14981 advisory. Advanced Intrusion Detection Environment AIDE is a utility that creates a database of files on the system, and then uses that database to ensure fil...
RHEL 8 : aide (RHSA-2025:14982)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14982 advisory. Advanced Intrusion Detection Environment AIDE is a utility that creates a database of files on the system, and then uses that database to ensure fil...
EulerOS 2.0 SP13 : aide (EulerOS-SA-2025-2492)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...
ROS-20251203-15
A vulnerability in mapstructure, a Go library for decoding common map values into structures and vice versa, is related to incorrect neutralization of output data for logs. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive information...