Total: 76 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-25184 | 1 Rack | 1 Rack | 2026-06-17 | N/A | 6.5 MEDIUM | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides authorization credentials via Rack::Auth::Basic, on success the username is put in env['REMOTE_USER'] and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows the creation of a user whose username contains CRLF and whitespace characters, or when the server simply wants to log every login attempt. If an attacker enters a username with CRLF characters, the logger will write the malicious username, CRLF characters included, into the logfile. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.10 contain a fix. |
| CVE-2025-23405 | | | 2026-06-17 | N/A | 5.3 MEDIUM | Unauthenticated log access affects metrics gathering and incident response efforts and potentially exposes a risk of injection attacks (e.g., log injection). |
| CVE-2025-20384 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-17 | N/A | 5.3 MEDIUM | In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may allow them to poison, forge, or obfuscate sensitive log data through specially crafted HTTP requests, potentially impacting log integrity and detection capabilities. |
| CVE-2025-12755 | | | 2026-06-17 | N/A | 4.0 MEDIUM | IBM MQ Operator (SC2 v3.2.0-3.8.1, LTS v2.0.0-2.0.29) and IBM-supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x-9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log-processing issues. |
| CVE-2025-11627 | | | 2026-06-17 | N/A | 6.5 MEDIUM | The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary content into log files, and potentially cause denial of service via disk space exhaustion. |
| CVE-2025-11537 | | | 2026-06-17 | N/A | 5.0 MEDIUM | A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract these credentials (e.g., bearer tokens, session cookies) and use them to impersonate users, leading to a full account compromise. |
| CVE-2025-10217 | | | 2026-06-17 | N/A | N/A | A vulnerability exists in Asset Suite that allows an authenticated user to manipulate the content of performance-related log data or to inject crafted data into the logfile, potentially as a stepping stone for further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while resolving application performance issues. |
| CVE-2025-0754 | | | 2026-06-17 | N/A | 4.3 MEDIUM | The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to log injection and spoofing attacks. Such injections can mislead logging mechanisms, enabling attackers to manipulate log entries or execute reflected cross-site scripting (XSS) attacks. |
| CVE-2024-9606 | 1 Litellm | 1 Litellm | 2026-06-17 | N/A | 7.5 HIGH | In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9. |
| CVE-2024-9026 | 1 Php | 1 Php | 2026-06-17 | N/A | 3.3 LOW | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, and 8.3.* before 8.3.12, when using the PHP-FPM SAPI configured to catch worker output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. |
| CVE-2024-8334 | 1 Master-nan | 1 Sweet-cms | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue. |
| CVE-2024-8297 | 1 Kitsada8621 | 1 Digital Library Management System | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue. |
| CVE-2024-7696 | 1 Axis | 1 Camera Station Pro | 2026-06-17 | N/A | 6.3 MEDIUM | Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or to perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution. |
| CVE-2024-56473 | 1 Ibm | 1 Aspera Shares | 2026-06-17 | N/A | 5.3 MEDIUM | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. |
| CVE-2024-52962 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2026-06-17 | N/A | 5.3 MEDIUM | An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below, and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.12 and below may allow an unauthenticated remote attacker to pollute the logs via crafted login requests. |
| CVE-2024-52891 | 1 Ibm | 1 Concert | 2026-06-17 | N/A | 5.4 MEDIUM | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information into, or obtain information from, log files due to improper log neutralization. |
| CVE-2024-49355 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2026-06-17 | N/A | 5.3 MEDIUM | IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when tracing is enabled via the System Tracing feature. |
| CVE-2024-47083 | 1 Microsoft | 1 Power Platform Terraform Provider | 2026-06-17 | N/A | 7.5 HIGH | Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the `client_secret` used in service principal authentication, may be exposed in logs. This exposure occurs due to an error in the logging code that causes the `client_secret` to not be properly masked when logs are persisted or viewed. Users should upgrade to version 3.0.0 to receive a patched version of the provider that removes all logging of sensitive content. Users who have used this provider with the affected versions should take the following additional steps to mitigate the risk: Immediately rotate the `client_secret` for any service principal that has been configured using this Terraform provider; this will invalidate any potentially exposed secrets. Those who have set the `TF_LOG_PATH` environment variable or configured Terraform to persist logs to a file or an external system should consider disabling this until they have updated to a fixed version of the provider. Those who have existing logs that may contain the `client_secret` should remove or sanitize these logs to prevent unauthorized access. This includes logs on disk, in monitoring systems, or in logging services. |
| CVE-2024-45808 | 1 Envoyproxy | 1 Envoy | 2026-06-17 | N/A | 6.5 MEDIUM | Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2024-35150 | 1 Ibm | 1 Maximo Application Suite | 2026-06-17 | N/A | 5.3 MEDIUM | IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. |
