PT-2026-49076

Name of the Vulnerable Software and Affected Versions libreport affected versions not specified Description A content injection issue exists in the ABRT post-create event handler scripts within libreport. The event script retrieves log entries from the systemd journal for crashed processes and...

CVE-2026-50629

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

CVE-2026-45803

A flaw was found in GitHub CLI. A remote attacker who can influence GitHub Actions workflow log output could inject terminal escape sequences into workflow logs. When a user views these logs using gh run view --log or gh run view --log-failed, the injected sequences may be replayed by the user's...

Exploit for CVE-2026-6807

This is functional proof of concept code based on the CISA discl...

PT-2025-51853

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs...

Linux Distros Unpatched Vulnerability : CVE-2009-4490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

USN-7612-1 python-flask-cors vulnerabilities

It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. CVE-2024-6839 It was discovered that Flask-CORS allowed certain CORS headers to be enabled by...

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

Insertion Of Sensitive Information Into Log Files

Ray is vulnerable to the insertion of sensitive information into log files. The vulnerability is due to inadequate log sanitization, allowing sensitive credentials like the Redis password to be recorded in standard logs...

Security update for skopeo

This update for skopeo fixes the following issues: CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227056 CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

Sensitive Information Exposure

github.com/updatecli/updatecli is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper log sanitization due to private Maven repository credentials being exposed in logs when a retrieval operation fails...

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

Cross-Site Scripting (XSS)

@saltcorn/server is vulnerable to stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of event log data, allowing malicious scripts to be stored...

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

DEBIAN-CVE-2024-6104

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

PT-2023-29918 · Fog · Fog

Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.15 Description: The issue is related to a lack of request sanitization in the logs of FOG, a free open-source cloning/imaging/rescue suite/inventory management system. This allows a malicious request containing XS...