Lucene search
K

31 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Kibana 7.x < 7.17.15 / 8.x < 8.11.1 Log Injection (ESA-2026-53)

The version of Kibana installed on the remote host is 7.x prior to 7.17.15 or 8.x prior to 8.11.1. It is, therefore, affected by a log injection vulnerability: - Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection. An attacker can supply specially crafted input tha...

8CVSS6.2AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 5:21 p.m.6 views

EUVD-2026-41101

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS5.8AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/18 7:30 p.m.7 views

CVE-2025-12755

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

4CVSS5.5AI score0.00108EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 7:21 p.m.5 views

CVE-2025-12755

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

4CVSS0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/17 6:49 p.m.28 views

CVE-2025-12755 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

4CVSS0.00108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/17 6:49 p.m.5 views

CVE-2025-12755 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

4CVSS5.5AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 6:49 p.m.5 views

CVE-2025-12755

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

4CVSS5.5AI score0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.19 views

PT-2026-20223

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

4CVSS5.5AI score0.00108EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 9:17 p.m.15 views

CVE-2025-36159

IBM Concert versions 1.0.0–2.0.0 are affected by an improper output neutralization vulnerability that can let a local attacker forge log files to impersonate other users or hide activity. The issue is described as a log-neutralization flaw that enables log tampering via crafted output. Several co...

6.2CVSS5.3AI score0.00101EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/20 9:17 p.m.9 views

CVE-2025-36159 IBM Concert Improper Log Neutralization

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output...

6.2CVSS0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-50897

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00478EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46202

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00255EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/21 2:37 p.m.2 views

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the WeakDecode function when handling malformed input data. An attacker can cause sensitive information to be included in error logs by submitting specially crafted input that triggers error...

6CVSS6.7AI score0.00357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.5 views

CVE-2024-52891

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:17 a.m.6 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

9.2CVSS7.4AI score0.00463EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 9:15 a.m.5 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References2
NVD
NVD
added 2025/05/19 9:15 a.m.15 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

9.8CVSS0.0036EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/19 8:7 a.m.8 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

4.8CVSS6.7AI score0.0036EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/19 8:7 a.m.23 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

4.8CVSS0.0036EPSS
Exploits0References2
CVE
CVE
added 2025/05/19 8:7 a.m.29 views

CVE-2025-41429

CVE-2025-41429 affects a-blog CMS across multiple versions, where improper log neutralization is cited as the underlying issue. The entry notes that exploitation in combination with CVE-2025-36560 could allow a remote unauthenticated attacker to hijack a legitimate user’s session. Connected sourc...

9.8CVSS7.3AI score0.0036EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder