
28 matches found

RedhatCVE
added 3 days ago · 4 views

CVE-2026-45803

A flaw was found in GitHub CLI. A remote attacker who can influence GitHub Actions workflow log output could inject terminal escape sequences into workflow logs. When a user views these logs using gh run view --log or gh run view --log-failed, the injected sequences may be replayed by the user's...

CVSS 3.5 · AI score 5.7 · EPSS 0.00034
Exploits 1 · References 4

GithubExploit
added 2026/04/28 7:18 p.m. · 61 views

Exploit for CVE-2026-6807

This is functional proof of concept code based on the CISA discl...

CVSS 5.5 · AI score 5.7 · EPSS 0.00006
Exploits 1

Positive Technologies
added 2025/12/17 12:0 a.m. · 2 views

PT-2025-51853

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs...

CVSS 3.3 · AI score 6.8 · EPSS 0.00017
Exploits 0 · References 2

Tenable Nessus
added 2025/08/24 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2009-4490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

CVSS 5 · AI score 7.6 · EPSS 0.03999
Exploits 2 · References 3

OSV
added 2025/07/02 4:59 a.m. · 0 views

USN-7612-1 python-flask-cors vulnerabilities

It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. CVE-2024-6839 It was discovered that Flask-CORS allowed certain CORS headers to be enabled by...

CVSS 7.5 · AI score 6.8 · EPSS 0.00637
Exploits 5 · References 6

RedhatCVE
added 2025/05/22 5:42 p.m. · 9 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.5 · AI score 7.1 · EPSS 0.00173
Exploits 0

Veracode
added 2025/03/11 9:49 a.m. · 3 views

Insertion Of Sensitive Information Into Log Files

Ray is vulnerable to the insertion of sensitive information into log files. The vulnerability is due to inadequate log sanitization, allowing sensitive credentials like the Redis password to be recorded in standard logs...

CVSS 6.4 · AI score 6.4 · EPSS 0.0006
Exploits 0 · References 7 · Affected Software 1

SUSE Linux
added 2025/02/11 10:27 a.m. · 1 views

Security update for skopeo

This update for skopeo fixes the following issues: CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227056 CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

CVSS 6.9 · AI score 7 · EPSS 0.75268
Exploits 1 · References 8

Veracode
added 2025/01/29 7:9 a.m. · 7 views

Sensitive Information Exposure

github.com/updatecli/updatecli is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper log sanitization due to private Maven repository credentials being exposed in logs when a retrieval operation fails...

CVSS 7.1 · AI score 6.6 · EPSS 0.00055
Exploits 0 · References 3 · Affected Software 1

RedHat Linux
added 2024/11/12 9:14 a.m. · 2 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6 · AI score 7.1 · EPSS 0.00045
Exploits 0 · References 4

Veracode
added 2024/10/10 8:38 a.m. · 2 views

Cross-Site Scripting (XSS)

@saltcorn/server is vulnerable to stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of event log data, allowing malicious scripts to be stored...

AI score 6.2
Exploits 0

RedHat Linux
added 2024/10/01 8:49 a.m. · 0 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6 · AI score 7.1 · EPSS 0.00045
Exploits 0 · References 4

RedHat Linux
added 2024/08/07 1:32 p.m. · 0 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6 · AI score 7.1 · EPSS 0.00045
Exploits 0 · References 4

OSV
added 2024/06/24 5:15 p.m. · 1 views

DEBIAN-CVE-2024-6104

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 5.5 · AI score 6.3 · EPSS 0.00045
Exploits 0 · References 1

ATTACKERKB
added 2024/05/03 3:15 a.m. · 0 views

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVSS 4.4 · AI score 5.3 · EPSS 0.00163
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/05/03 3:15 a.m. · 0 views

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVSS 4.4 · AI score 5.5
Exploits 0 · References 2

Positive Technologies
added 2023/10/31 12:0 a.m. · 2 views

PT-2023-29918 · Fog · Fog

Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.15 Description: The issue is related to a lack of request sanitization in the logs of FOG, a free open-source cloning/imaging/rescue suite/inventory management system. This allows a malicious request containing XS...

CVSS 6.1 · AI score 5.8 · EPSS 0.00553
Exploits 0 · References 6

SUSE CVE
added 2023/02/15 5:39 a.m. · 1 views

SUSE CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

CVSS 5.1 · AI score 7.8 · EPSS 0.52396
Exploits 2 · References 9

Positive Technologies
added 2022/08/01 12:0 a.m. · 2 views

PT-2022-20596 · Next-Auth · Next-Auth

Name of the Vulnerable Software and Affected Versions: next-auth versions prior to v4.10.2 next-auth versions prior to v3.29.9 Description: An information disclosure issue allows an attacker with log access privilege to obtain excessive information, such as an identity provider's secret in the lo...

CVSS 3.3 · AI score 3.5 · EPSS 0.00056
Exploits 0 · References 10

CVE
added 2019/11/25 2:21 p.m. · 69 views

CVE-2019-10213

OpenShift Container Platform (versions 4.1–4.2) is affected by CVE-2019-10213: secret data written to pod logs is not sanitized when an operator runs at Debug level or higher, enabling a low-privilege user to read sensitive material from logs. Root cause: unsanitized secrets in logs. Impact: info...

CVSS 6.5 · AI score 6.1 · EPSS 0.00428
Exploits 0 · References 3 · Affected Software 1