org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...
CVE-2026-1337 Insufficient escaping of unicode characters in query log
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...
CVE-2026-24762 RustFS Logs Sensitive Credentials in Plaintext
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
CVE-2019-18958
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...
EUVD-2006-4525
Malware in sbrugna...
EUVD-2016-2018
Malware in sbrugna...
EUVD-2020-17940
Malware in sbrugna...
EUVD-2004-1364
Malware in sbrugna...
EUVD-2017-1453
Malware in sbrugna...
EUVD-2020-1526
Malware in sbrugna...
EUVD-1999-1169
Malware in sbrugna...
EUVD-2022-5244
Malicious code in bioql PyPI...
EUVD-2024-37246
Malicious code in bioql PyPI...
EUVD-2023-2118
Malicious code in bioql PyPI...
EUVD-2024-45989
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-54813
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...
CVE-2025-52490
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
PT-2025-27867 · Red Hat · Red Hat Openshift Jenkins
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Jenkins (affected versions not specified). Description: A flaw was found in the way the bearer token is handled. The bearer token is not obfuscated in the logs, which could pose a high risk if these logs are centralized during...