CWE-117: CWE-117

Total CVEs: 33
Critical: 2
High: 7
Avg CVSS: 6.1

Yearly Trend

2026: 3
2025: 20
2024: 7
2023: 3

Top Affected Vendors

1. IBM: 7
2. Splunk: 3
3. Advanced Intrusion Detection Environment Project: 1
4. Litellm: 1
5. iTerm2: 1
6. Fortinet: 1
7. Triangle MicroWorks: 1
8. Djangoproject: 1
9. Microsoft: 1
10. kitsada8621: 1

All CWE-117 CVEs (33)

CVE-2023-46321 | CVSS 9.8 | Oct 23, 2023
This vulnerability in iTerm2 allows command injection through malicious x-man-page URLs. Attackers can execute arbitrary commands on the system by cra...

CVE-2024-0095 | CVSS 9.0 | Jun 13, 2024
CVE-2024-0095 is a log injection vulnerability in NVIDIA Triton Inference Server that allows attackers to inject forged logs and executable commands b...

CVE-2024-25047 | CVSS 8.6 | May 2, 2024
IBM Cognos Analytics versions 11.2.0-11.2.4 and 12.0.0-12.0.2 have improper input validation in application logging, allowing injection attacks. This ...

CVE-2023-3997 | CVSS 8.6 | Jul 31, 2023
CVE-2023-3997 is a log file poisoning vulnerability in Splunk SOAR where attackers can inject malicious ANSI escape sequences through web requests. Wh...

CVE-2023-32712 | CVSS 8.6 | Jun 1, 2023
This vulnerability allows attackers to inject ANSI escape codes into Splunk log files, which could lead to code execution in vulnerable terminal appli...

CVE-2025-57564 | CVSS 8.2 | Oct 7, 2025
CVE-2025-57564 allows unauthenticated attackers to inject arbitrary log entries into CubeAPM production systems via the /api/logs/insert/elasticsearch...

CVE-2025-54813 | CVSS 7.5 | Aug 22, 2025
This vulnerability in Apache Log4cxx's JSONLayout allows attackers to inject non-printable characters into log messages, which aren't properly escaped...

CVE-2024-9606 | CVSS 7.5 | Mar 20, 2025
This vulnerability in berriai/litellm's logging function only masks the first 5 characters of API keys, exposing nearly the entire secret key in appli...

CVE-2024-47083 | CVSS 7.5 | Sep 25, 2024
The Power Platform Terraform Provider versions before 3.0.0 expose service principal client_secret values in logs due to improper masking. This allows...

CVE-2025-58580 | CVSS 6.5 | Oct 6, 2025
This vulnerability allows attackers to create arbitrary log entries via an unvalidated API endpoint. Attackers can falsify or dilute logs, compromisin...

CVE-2024-7696 | CVSS 6.3 | Jan 7, 2025
This vulnerability allows authenticated attackers to tamper with audit logs or perform denial-of-service attacks on AXIS Camera Station servers by cra...

CVE-2025-36159 | CVSS 6.2 | Nov 20, 2025
IBM Concert versions 1.0.0 through 2.0.0 have a log file forgery vulnerability where local users can manipulate log entries to impersonate other users...

CVE-2025-54389 | CVSS 6.2 | Aug 14, 2025
CVE-2025-54389 is an improper output neutralization vulnerability in AIDE (Advanced Intrusion Detection Environment) that allows local attackers to hi...

CVE-2026-1337 | CVSS 5.4 | Feb 6, 2026
This vulnerability allows cross-site scripting (XSS) attacks when Neo4j query logs containing insufficiently escaped unicode characters are opened in ...

CVE-2024-52891 | CVSS 5.4 | Jan 7, 2025
This vulnerability in IBM Concert Software allows authenticated users to inject malicious content into log files or extract sensitive information from...

CVE-2025-66577 | CVSS 5.3 | Dec 5, 2025
This vulnerability in cpp-httplib allows attackers to spoof client IP addresses by sending malicious X-Forwarded-For or X-Real-IP headers. This can po...

CVE-2025-20384 | CVSS 5.3 | Dec 3, 2025
An unauthenticated attacker can inject ANSI escape codes into Splunk log files via the /en-US/static/ endpoint, allowing them to manipulate or obfusca...

CVE-2025-36081 | CVSS 5.3 | Oct 28, 2025
IBM Concert Software versions 1.0.0 through 2.0.0 contain a log injection vulnerability (CWE-117) that allows authenticated users to modify system log...

CVE-2025-59476 | CVSS 5.3 | Sep 17, 2025
This vulnerability allows attackers who can control log message content in Jenkins to insert line break characters followed by forged log messages. Th...

CVE-2024-52962 | CVSS 5.3 | Apr 8, 2025
An unauthenticated remote attacker can inject malicious content into FortiAnalyzer and FortiManager logs via crafted login requests. This log pollutio...

CVE-2024-12580 | CVSS 5.3 | Mar 20, 2025
This CVE describes a log injection vulnerability in LibreChat where unvalidated parameters in download APIs allow attackers to inject malicious conten...

CVE-2025-23405 | CVSS 5.3 | Feb 28, 2025
This vulnerability involves improper output neutralization for logs (CWE-117) in DarioHealth medical devices, allowing unauthenticated attackers to in...

CVE-2024-49355 | CVSS 5.3 | Feb 20, 2025
IBM OpenPages with Watson versions 8.3 and 9.0 may write improperly neutralized data to server log files when System Tracing is enabled. This could al...

CVE-2024-56473 | CVSS 5.3 | Feb 5, 2025
IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 improperly validate 'Client-IP' headers, allowing attackers to spoof their IP addresses in log fil...

CVE-2024-8297 | CVSS 5.3 | Aug 29, 2024
This vulnerability in kitsada8621 Digital Library Management System 1.0 allows attackers to inject malicious content into application logs through the...

CVE-2023-28952 | CVSS 5.3 | May 3, 2024
IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 are vulnerable to injection attacks in application logging due to improper sanitization of u...

CVE-2025-11537 | CVSS 5.0 | Feb 10, 2026
Keycloak versions with verbose logging patterns (like 'long') expose sensitive headers including Authorization and Cookie in cleartext logs. Attackers...

CVE-2023-39461 | CVSS 4.4 | May 3, 2024
This vulnerability in Triangle MicroWorks SCADA Data Gateway allows authenticated remote attackers to write arbitrary files to the system by exploitin...

CVE-2025-36625 | CVSS 4.3 | Apr 18, 2025
This vulnerability allows unauthenticated attackers to manipulate Nessus logging entries by sending specially crafted HTTP requests. It affects Nessus...

CVE-2025-0754 | CVSS 4.3 | Jan 28, 2025
This vulnerability in OpenShift Service Mesh allows attackers to inject malicious payloads into HTTP headers, specifically x-forwarded-for, which can ...

CVE-2024-8334 | CVSS 4.3 | Aug 30, 2024
This vulnerability allows remote attackers to inject malicious content into application logs through improper output neutralization in Sweet-CMS's Log...

CVE-2025-12755 | CVSS 4.0 | Feb 17, 2026
IBM MQ Operator and container images have a log injection vulnerability where log messages aren't properly sanitized before being written to log files...

CVE-2025-48432 | CVSS 4.0 | Jun 5, 2025
A log injection vulnerability in Django allows attackers to manipulate HTTP response logging by sending crafted URLs. This could corrupt log files or ...

About CWE-117 (CWE-117)

Our database tracks 33 CVEs classified as CWE-117, with 2 rated critical and 7 rated high severity. The average CVSS score for CWE-117 vulnerabilities is 6.1.

External reference: CWE-117 on MITRE CWE
