42 matches found
CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
PT-2026-45901
Name of the Vulnerable Software and Affected Versions morgan versions 1.2.0 through 1.10.1 Description The logging middleware fails to neutralize control characters when the :remote-user token extracts the Basic auth username from the Authorization request header. An unauthenticated attacker can...
PT-2026-37151
Name of the Vulnerable Software and Affected Versions i18next-http-backend versions prior to 3.0.5 Description Versions of the library interpolate the lng and ns values directly into the configured loadPath or addPath URL templates without encoding, validation, or path sanitization. When...
CVE-2026-4276
LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries...
CVE-2025-14684 IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...
CVE-2025-14684
CVE-2025-14684 affects IBM Maximo Application Suite - Monitor Component. Root cause: improper neutralization of special elements when written to log files, enabling log forgery. Affected versions: Monitor Component 8.10, 8.11, 9.0, 9.1. Remediation/fixes: update to Monitor Component versions 8.10...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to CVE-2025-14684.
Summary: IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to CVE-2025-14684. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-14684 DESCRIPTION: IBM Maximo Application Suite - Monitor Component could allow an...
TeamViewer DEX Client Security Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause log entries to be injected, altered, or forged, affecting log integrity...
CVE-2025-36159
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output...
CVE-2025-36159
IBM Concert versions 1.0.0–2.0.0 are affected by an improper output neutralization vulnerability that can let a local attacker forge log files to impersonate other users or hide activity. The issue is described as a log-neutralization flaw that enables log tampering via crafted output. Several co...
EUVD-2022-6134
Malicious code in bioql PyPI...
ABB Cylon Aspect 3.08.03 Java/PHP Log Forging
Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling...
CVE-2024-13949 Log Forging
Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
ABB Cylon Aspect 3.08.03 (Java/PHP) Log Forging
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description Multiple PHP and Java components across the system fail to properly...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150
Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-35150 DESCRIPTION: IBM Maximo Application Suite - Monitor Component does not...
DEBIAN-CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
CVE-2023-46713
Fortinet FortiWeb is affected by CVE-2023-46713 due to improper output neutralization for logs, enabling forging of traffic logs via a crafted URL. Affected versions: 6.2.0–6.2.8, 6.3.0–6.3.23, 7.0.0–7.0.9, 7.2.0–7.2.5, and 7.4.0. Remediation per vendor sources: upgrade to a version outside these...