839 matches found

Source: Nuclei, added 11 hours ago
pyload - Log Injection
A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
id: CVE-2024-21645
info:
  name: pyload - Log Injection
  author: isacaya
  severity: medium
  description: |
    A log injection...
CVSS 5.3 | AI score 6.2 | EPSS 0.24513 | Exploits 1 | References 3

Source: NVD, added yesterday
CVE-2026-49091
Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...
CVSS 8 | Exploits 0 | References 1

Source: EUVD, added yesterday
EUVD-2026-41101
Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...
CVSS 8 | AI score 5.8 | Exploits 0 | References 1

Source: Cvelist, added yesterday
CVE-2026-49091: Improper Output Neutralization for Logs in Kibana Leading to Log Injection
Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...
CVSS 8 | Exploits 0 | References 1

Source: CVE, added yesterday
CVE-2026-49091
CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...
CVSS 8 | AI score 5.8 | Exploits 0 | References 1 | Affected Software 1

Source: CVE, added 3 days ago
CVE-2026-12616
The CVE describes a vulnerability in the /v1/upload/sbom endpoint where the iss claim from an attacker-supplied JWT is read with signature verification disabled and interpolated into log statements before validation. The log format renders newlines literally, allowing an unauthenticated attacker ...
CVSS 6.9 | AI score 5.8 | EPSS 0.00308 | Exploits 0 | References 1

Source: NVD, added 2026/06/24 9:16 a.m.
CVE-2026-10745
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...
CVSS 7.9 | EPSS 0.00264 | Exploits 0 | References 1

Source: ATTACKERKB, added 2026/06/24 8:04 a.m.
CVE-2026-10745
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...
CVSS 7.9 | AI score 5.9 | EPSS 0.00264 | Exploits 0 | References 2

Source: EUVD, added 2026/06/24 8:04 a.m.
EUVD-2026-38731
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...
CVSS 7.9 | AI score 5.9 | EPSS 0.00264 | Exploits 0 | References 1

Source: Cvelist, added 2026/06/24 8:04 a.m.
CVE-2026-10745
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...
CVSS 7.9 | EPSS 0.00264 | Exploits 0 | References 1

Source: CVE, added 2026/06/24 8:04 a.m.
CVE-2026-10745
CVE-2026-10745 affects upKeeper Solutions' upKeeper Instant Privilege Access on Windows, vulnerable through version 1.6.1. Root cause: improper output neutralization in logs (log injection/tampering/forging). Reported impact per metrics indicates high risk for subsequent system confidential...
CVSS 7.9 | AI score 5.9 | EPSS 0.00264 | Exploits 0 | References 1

Source: Positive Technologies, added 2026/06/24 12:00 a.m.
PT-2026-51738
Name of the Vulnerable Software and Affected Versions: upKeeper Instant Privilege Access versions prior to 1.6.2
Description: Improper output neutralization for logs in upKeeper Instant Privilege Access on Windows enables Log Injection, Tampering, and Forging. This occurs when the application fails...
CVSS 7.9 | AI score 5.8 | EPSS 0.00264 | Exploits 0 | References 7

Source: NVD, added 2026/06/22 2:17 p.m.
CVE-2026-56425
The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier (session id) as the OAuth state...
CVSS 9.3 | EPSS 0.00258 | Exploits 0 | References 1

Source: EUVD, added 2026/06/22 12:25 p.m.
EUVD-2026-38228
The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier (session id) as the OAuth state...
CVSS 9.3 | AI score 5.9 | EPSS 0.00258 | Exploits 0 | References 1

Source: Cvelist, added 2026/06/22 12:25 p.m.
CVE-2026-56425: MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection
The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier (session id) as the OAuth state...
CVSS 9.3 | EPSS 0.00258 | Exploits 0 | References 1

Source: CVE, added 2026/06/22 12:25 p.m.
CVE-2026-56425
CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...
CVSS 9.3 | AI score 5.9 | EPSS 0.00258 | Exploits 0 | References 1 | Affected Software 1

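The MISP AAD plugin entries for CVE-2026-56425 list four separate weaknesses: the PHP session id reused as the OAuth state, no dedicated nonce for the state, no session rotation after login, and no HTTPS requirement on the redirect URI. The Python below is an added example of the corrected handling, written for this page; it is not the plugin's code or its vendor fix. The state is a fresh, single-use random value stored in the pre-login session, the callback compares it in constant time and discards it, a successful login moves the user onto a new session id, and the redirect URI must be HTTPS and match a registered URL exactly. The in-memory SessionStore, the allowlisted callback URL and the function names are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed allowlist of registered callback URLs (exact match, HTTPS only).
ALLOWED_REDIRECT_URIS = {"https://misp.example.test/users/aadCallback"}
REDIRECT = "https://misp.example.test/users/aadCallback"


class SessionStore:
    """Minimal server-side session store: session id -> dict of attributes."""

    def __init__(self):
        self._sessions = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        return sid

    def get(self, sid: str) -> dict:
        return self._sessions[sid]

    def exists(self, sid: str) -> bool:
        return sid in self._sessions

    def rotate(self, old_sid: str) -> str:
        """Move the session data under a fresh id so a pre-login id cannot be fixated."""
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def validate_redirect_uri(uri: str) -> bool:
    """Reject non-HTTPS and anything not registered verbatim (no prefix or host matching)."""
    return urlsplit(uri).scheme == "https" and uri in ALLOWED_REDIRECT_URIS


def begin_login(store: SessionStore, sid: str, redirect_uri: str) -> str:
    """Start of the authorization-code flow; returns the state to send to the IdP."""
    if not validate_redirect_uri(redirect_uri):
        raise ValueError("redirect_uri is not registered or not https")
    state = secrets.token_urlsafe(32)  # dedicated nonce, never the session id itself
    sess = store.get(sid)
    sess["oauth_state"] = state
    sess["redirect_uri"] = redirect_uri
    return state


def finish_login(store: SessionStore, sid: str, returned_state: str, idp_subject: str):
    """Callback: verify the state once, bind the user, rotate. Returns the new sid or None."""
    sess = store.get(sid)
    expected = sess.pop("oauth_state", None)  # single use: a replay finds nothing to match
    if expected is None or not hmac.compare_digest(expected.encode(), returned_state.encode()):
        return None
    sess["user"] = idp_subject
    return store.rotate(sid)


def demo_flow() -> dict:
    """Happy path plus the failure modes the advisory describes; each value should be True."""
    store = SessionStore()
    results = {}
    # Wrong state value is rejected.
    sid = store.create()
    state = begin_login(store, sid, REDIRECT)
    results["wrong_state_rejected"] = finish_login(store, sid, "x" * len(state), "alice") is None
    # Correct state: the state is not the session id, login rotates the id, replay fails.
    sid = store.create()
    state = begin_login(store, sid, REDIRECT)
    results["state_is_not_session_id"] = state != sid
    new_sid = finish_login(store, sid, state, "alice")
    results["session_rotated"] = new_sid is not None and new_sid != sid and not store.exists(sid)
    results["user_bound_to_new_session"] = store.get(new_sid).get("user") == "alice"
    results["replay_rejected"] = finish_login(store, new_sid, state, "alice") is None
    # Redirect URI checks.
    results["http_rejected"] = not validate_redirect_uri("http://misp.example.test/users/aadCallback")
    results["unregistered_rejected"] = not validate_redirect_uri("https://attacker.example.test/cb")
    return results


if __name__ == "__main__":
    for check, ok in demo_flow().items():
        print(f"{check}: {ok}")
```

Rotating the id on login is what breaks session fixation; generating the state from `secrets` rather than the session id means a leaked or predictable session id no longer lets an attacker complete someone else's flow. `compare_digest` is applied to the encoded strings because the attacker controls `returned_state` and the str form rejects non-ASCII input with an exception rather than a False.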
Source: OSV, added 2026/06/16 9:02 p.m.
GHSA-7CX2-G3H9-382P: Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
Summary: Three backward-compatible hardening fixes in the Docker API server. The headline issue is an arbitrary file write via the screenshot/PDF outputpath.
1. Arbitrary file write via outputpath symlink / TOCTOU (primary): POST /screenshot and POST /pdf accept an outputpath constrained to...
CVSS 8.1 | AI score 5.7 | EPSS 0.00656 | Exploits 0 | References 5

Source: NVD, added 2026/06/12 10:16 a.m.
CVE-2026-50629
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...
CVSS 5.3 | EPSS 0.0047 | Exploits 0 | References 2

Source: CVE, added 2026/06/12 8:57 a.m.
CVE-2026-50629
CVE-2026-50629 affects Apache CXF's OAuth2 server, where the 'clientId' from HTTP requests is concatenated into log warning messages without sanitizing control characters. This creates a log injection risk by allowing arbitrary content in logs. Root cause: unsanitized control characters in...
CVSS 5.3 | AI score 5.4 | EPSS 0.0047 | Exploits 0 | References 2 | Affected Software 1

Source: Vulnrichment, added 2026/06/12 8:57 a.m.
CVE-2026-50629: Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...
AI score 5.3 | EPSS 0.0047 | Exploits 0 | References 1

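The CWE-117 entries on this page (Kibana's CVE-2026-49091, the Apache CXF 'clientId' in CVE-2026-50629, the unverified JWT iss claim in CVE-2026-12616, and the upKeeper and pyload issues) all share one mechanism: an attacker-controlled string reaches a log record with its newlines and terminal control characters intact, so a reader of the file sees a forged second entry or, in a terminal, executes an escape sequence. The Python below is an added example written for this page, not code from any of those projects or advisories. It reproduces both effects with constructed inputs, shows the unverified-JWT read that hands the attacker the logged string, and neutralizes the characters with a regex and a stdlib `logging.Filter`. The sample values, the function names and the "sbom upload from issuer" message format are assumptions made for the example.

```python
import base64
import io
import json
import logging
import re

# Constructed attacker-controlled inputs (not taken from any advisory).
# A newline inside a client identifier yields a second, forged log record.
FORGED_CLIENT_ID = "client-42\n2026-06-12 08:57:00 INFO  token issued for client admin"
# ESC sequences clear the screen and retitle the window of anyone tailing the log.
ANSI_CLIENT_ID = "evil\x1b[2J\x1b[H\x1b]0;owned\x07"
# An issuer claim carrying a forged line, as an attacker-minted JWT would deliver it.
FORGED_ISSUER = "https://idp.example.test\n2026-06-01 12:00:00 INFO  sbom signature verified"

# C0 controls (NUL..US), DEL and the C1 range: everything a terminal or a naive
# line-oriented log consumer might interpret instead of display.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def neutralize(value) -> str:
    """Render each control character as a visible \\xNN escape so the record stays one line."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), str(value))


def log_unsafe(level: str, fmt: str, *args) -> str:
    """Vulnerable pattern: raw request data is interpolated straight into the record."""
    return f"{level} {fmt % args}"


def log_safe(level: str, fmt: str, *args) -> str:
    """Hardened pattern: every interpolated argument is neutralized first."""
    return f"{level} {fmt % tuple(neutralize(a) for a in args)}"


class NeutralizingFilter(logging.Filter):
    """Drop-in fix for stdlib logging: rewrite args before the Formatter runs msg % args."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, dict):  # "%(name)s" style arguments
            record.args = {k: neutralize(v) for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(neutralize(a) for a in record.args)
        return True


def render_with_logging(msg: str, *args, neutralizing: bool = True) -> str:
    """Push one record through a real logging pipeline and return what the handler wrote."""
    logger = logging.getLogger(f"demo.{'safe' if neutralizing else 'unsafe'}")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if neutralizing:
        logger.addFilter(NeutralizingFilter())
    logger.info(msg, *args)
    handler.flush()
    return buf.getvalue()


def make_unsigned_jwt(claims: dict) -> str:
    """Build header.payload.garbage: anyone can mint this, so its claims are untrusted input."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'HS256', 'typ': 'JWT'})}.{b64(claims)}.not-a-real-signature"


def issuer_from_unverified_jwt(token: str) -> str:
    """The flawed read: the payload is decoded and `iss` used without checking the signature."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


if __name__ == "__main__":
    print(log_unsafe("WARN", "unknown clientId=%s", FORGED_CLIENT_ID))
    print(log_safe("WARN", "unknown clientId=%s", FORGED_CLIENT_ID))
    print(repr(neutralize(ANSI_CLIENT_ID)))
    token = make_unsigned_jwt({"iss": FORGED_ISSUER, "sub": "ci-runner"})
    iss = issuer_from_unverified_jwt(token)
    print(render_with_logging("sbom upload from issuer %s", iss, neutralizing=False), end="")
    print(render_with_logging("sbom upload from issuer %s", iss), end="")
```

Escaping rather than stripping keeps the evidence: an analyst still sees that someone sent `\x1b[2J`, which is itself a detection signal. The filter sits on the logger rather than the handler so a record is rewritten before any handler, including one that ships to a SIEM, formats it. Neutralizing output does not fix the JWT bug itself; the signature must be verified before any claim is trusted or logged.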