EUVD-2026-34960

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

Improper Output Neutralization for Logs

Overview org.webjars.npm:morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

WordPress plugin Age Verification & Identity Verification by Token of Trust 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Improper Output Handling

Apache Log4j Core is vulnerable to Improper Output Handling. The vulnerability is due to XmlLayout failing to sanitize characters forbidden by the XML 1.0 specification, allowing log messages or MDC values to produce malformed XML or trigger exceptions during logging, which can lead to dropped or...

BIT-GITLAB-2025-12697 Improper Encoding or Escaping of Output in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

ROS-20260209-73-0017

PowerDNS Recursor DNS server vulnerability is related to failure to take measures to neutralize special elements in the output data. Exploitation of the vulnerability could allow a remote attacker to affect the integrity and availability of protected information...

CVE-2025-15312 Tanium addressed an improper output sanitization vulnerability in TanOS.

Tanium addressed an improper output sanitization vulnerability in Tanium Appliance...

EUVD-2025-206830

Tanium addressed an improper output sanitization vulnerability in Tanium Appliance...

CVE-2025-15312

The CVE-2025-15312 entry concerns an improper output sanitization vulnerability in Tanium Appliance (TanOS family as per CVE list). The NVD/Tanium records show a network-exposed issue (attack vector: NETWORK) with high privileges required, no user interaction, and a total impact on confidentialit...

Tanium Appliance 安全漏洞

Tanium Appliance is a terminal management and security platform deployed by the American company Tanium. There is a security vulnerability in Tanium Appliance, which stems from improper output cleaning...

PT-2026-6606

Name of the Vulnerable Software and Affected Versions Tanium Appliance affected versions not specified Description Tanium Appliance is affected by an improper output sanitization issue. This could potentially allow for unintended consequences due to unsanitized output. Recommendations At the...

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

MiracleLinux 8 : aide-0.16-15.el8_10.2 (AXSA:2025-10798:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10798:03 advisory. aide: improper output neutralization enables bypassing CVE-2025-54389 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVE-2019-11547

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues...

CVE-2022-23002

When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an...

RHEL 8 : aide (RHSA-2025:14981)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14981 advisory. Advanced Intrusion Detection Environment AIDE is a utility that creates a database of files on the system, and then uses that database to ensure fil...

EulerOS 2.0 SP13 : aide (EulerOS-SA-2025-2492)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...

CVE-2025-36159

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output...

IBM Concert 安全漏洞

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an improper output neutralization vulnerability that can be exploited by an attacker to cause a forge...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2020-8177)

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...