10 matches found
CVE-2026-6494
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...
CVE-2026-4276
CVE-2026-4276 — LibreChat RAG API 0.7.0 is affected by a log-injection vulnerability caused by improper sanitization of input written to system logs. An authenticated attacker can forge log entries by injecting CRLF characters into the file_id field of a POST request, compromising audit trails. R...
IBM Concert Improper Output Neutralization Vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an improper output neutralization vulnerability that can be exploited by an attacker to cause a forge...
IBM Concert security vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an improper output neutralization vulnerability that can be exploited by an attacker to cause a forge...
EUVD-2025-29721
Malicious code in bioql PyPI...
BIT-JENKINS-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...
flask-cors security vulnerability
Flask-CORS is a cross-origin resource sharing component for Flask. A security vulnerability exists in flask-cors, which stems from improper neutralization of log output, allowing an attacker to corrupt log files, potentially masking the trail of other attacks, obfuscating log processing tools, an...
Flask-CORS security vulnerability
Flask-CORS is a cross-origin resource sharing component for Flask. A security vulnerability exists in Flask-CORS that stems from a vulnerability to a log injection attack when the log level is set to debug, which can be exploited by an attacker to send a specially crafted GET request that contain...
WordPress plugin All-In-One Security cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Apache, IIS and other HTTP servers allow log forgery by sending a carriage return character - vulnerability warning - the black bar safety net
Description: When most HTTP servers receive a request containing %0d%0a, it is decoded to a carriage return and produces a line break in the log; this feature can be used to falsify logs. Details: Most HTTP servers support encodings such as %0 0 in requests; the main purpose is to provide reliable...