1014 matches found
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
BIT-TOMCAT-2025-55754 Apache Tomcat: console manipulation via escape sequences in log messages
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...
SUSE CVE-2025-55754
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...
Improper Neutralization Of Escape, Meta, Or Control Sequences
Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences. The vulnerability is due to Tomcat logging unescaped, user-controlled URL data to console output, and attackers can use specially crafted URLs to inject ANSI escape sequences to manipulate...
CVE-2025-55754
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...
Apache Tomcat security vulnerability
Apache Tomcat is a lightweight Web application server from the American Apache Foundation. It is used to implement support for Servlets and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat that stems from not properly escaping ANSI escape sequences, which could lead to...
MongoDB Shell < 2.3.9 Control Character Injection (MONGOSH-2024, MONGOSH-2025, MONGOSH-2026)
The version of MongoDB Shell installed on the remote host is prior to 2.3.9. It is, therefore, affected by a vulnerability as referenced in the MONGOSH-2024, MONGOSH-2025, MONGOSH-2026 advisories. - The MongoDB Shell may be susceptible to control character injection where an attacker with control...
Improper Neutralization
Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper input sanitization: an attacker able to manipulate a user's clipboard can cause obfuscated malicious code to be pasted and executed in mongosh...
MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
CVE-2025-1692 MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
‘Fix It’ social-engineering scheme impersonates several brands
More and more, threat actors are leveraging the browser to deliver malware in ways that can evade detection from antivirus programs. Social engineering is a core part of these schemes and the tricks we see are sometimes very clever. Case in point, there has been an increase in attacks that involv...
MAL-2023-2328 Malicious code in tkcalendra (PyPI)
Source: checkmarx dd65f2c94fec35121de0dd1448e48824d9236968ead1512d8474404e0d4a1806 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in tkcalenddar (PyPI)
Source: checkmarx 325b2ed0fe011dd5d2f571984f69db6e439c5c2647752eabd2b0cb7848e722da Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2326 Malicious code in tkcalenddar (PyPI)
Source: checkmarx 325b2ed0fe011dd5d2f571984f69db6e439c5c2647752eabd2b0cb7848e722da Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2318 Malicious code in tkcaledar (PyPI)
Source: checkmarx 9cb361599ef20186d9cbf356c5a2732c153e0576a344a8b471f8335cf74890db Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2317 Malicious code in tkcaendar (PyPI)
Source: checkmarx 4e47063955bce27842f4da6dac58c8104eaefdf470e523858772657fe961606f Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2333 Malicious code in tkccalendar (PyPI)
Source: checkmarx 254bade3f624909b0affad604dd128b2212d3e5debf35db4303405002ec22a5b Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1889 Malicious code in kcalendar (PyPI)
Source: checkmarx 1450a2f449693cff84949672b75ca2f472d5f7de72d279f609be36ff5d4cb19b Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in tkccalendar (PyPI)
Source: checkmarx 254bade3f624909b0affad604dd128b2212d3e5debf35db4303405002ec22a5b Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in tkcalenndar (PyPI)
Source: checkmarx 3657f1c1724719566871bd93abb04097d923bd1485a87e9661f549a00afa9011 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...