31 matches found
Kibana 7.x < 7.17.15 / 8.x < 8.11.1 Log Injection (ESA-2026-53)
The version of Kibana installed on the remote host is 7.x prior to 7.17.15 or 8.x prior to 8.11.1. It is, therefore, affected by a log injection vulnerability: - Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection. An attacker can supply specially crafted input tha...
EUVD-2026-41101
Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...
CVE-2025-12755
IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...
CVE-2025-12755
IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...
CVE-2025-12755 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...
CVE-2025-12755 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...
CVE-2025-12755
IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...
PT-2026-20223
IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...
CVE-2025-36159
IBM Concert versions 1.0.0–2.0.0 are affected by an improper output neutralization vulnerability that can let a local attacker forge log files to impersonate other users or hide activity. The issue is described as a log-neutralization flaw that enables log tampering via crafted output. Several co...
CVE-2025-36159 IBM Concert Improper Log Neutralization
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output...
EUVD-2023-50897
Malicious code in bioql PyPI...
EUVD-2024-46202
Malicious code in bioql PyPI...
Improper Output Neutralization for Logs
Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the WeakDecode function when handling malformed input data. An attacker can cause sensitive information to be included in error logs by submitting specially crafted input that triggers error...
CVE-2024-52891
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization...
CVE-2025-41429
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...
CVE-2025-41429
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...
CVE-2025-41429
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...
CVE-2025-41429
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...
CVE-2025-41429
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...
CVE-2025-41429
CVE-2025-41429 affects a-blog CMS across multiple versions, where improper log neutralization is cited as the underlying issue. The entry notes that exploitation in combination with CVE-2025-36560 could allow a remote unauthenticated attacker to hijack a legitimate user’s session. Connected sourc...