CWE-117 (Improper Output Neutralization for Logs) — Vulnerability Class 81

81 vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6494 | Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input — Red Hat Ansible Automation Platform 2 | 5.3 | Medium | 2026-04-17 |
| CVE-2025-14684 | IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to . — Maximo Application Suite - Monitor Component | 4.0 | Medium | 2026-03-25 |
| CVE-2025-59784 | Log Pollution - Control Characters Not Escaped — 2N Access Commander | 6.5 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2025-12755 | Multiple vulnerabilities in IBM MQ Operator and Queue manager container images — MQ Operator | 4.0 | Medium | 2026-02-17 |
| CVE-2025-11537 | Keycloak-server: sensitive headers shown in the http access logs — Red Hat Build of Keycloak | 5.0 | Medium | 2026-02-10 |
| CVE-2026-1337 | Insufficient escaping of unicode characters in query log — Enterprise Edition | 6.1 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2025-66577 | cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust — cpp-httplib | 5.3 | Medium | 2025-12-05 |
| CVE-2025-20384 | Unauthenticated Log Injection in Splunk Enterprise — Splunk Enterprise | 5.3 | Medium | 2025-12-03 |
| CVE-2025-36159 | IBM Concert Improper Log Neutralization — Concert | 6.2 | Medium | 2025-11-20 |
| CVE-2025-11627 | Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning — Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue | 6.5 | Medium | 2025-10-30 |
| CVE-2025-36081 | Multiple Vulnerabilities in IBM Concert Software. — Concert Software | 5.3 | Medium | 2025-10-28 |
| CVE-2025-58580 | Injection via log file — Enterprise Analytics | 6.5 | Medium | 2025-10-06 |
| CVE-2025-10217 | Hitachi Energy Asset Suite security vulnerability — Asset Suite | 4.3 (AI) | Medium (AI) | 2025-09-30 |
| CVE-2025-54812 | Apache Log4cxx: Improper HTML escaping in HTMLLayout — Apache Log4cxx | 6.1 (AI) | Medium (AI) | 2025-08-22 |
| CVE-2025-54813 | Apache Log4cxx: Improper escaping with JSONLayout — Apache Log4cxx | 5.3 (AI) | Medium (AI) | 2025-08-22 |
| CVE-2025-54389 | AIDE improper output neutralization vulnerability — aide | 6.2 | Medium | 2025-08-14 |
| CVE-2025-54656 | Apache Struts Extras: Improper Output Neutralization for Logs — Apache Struts Extras | 5.3 (AI) | Medium (AI) | 2025-07-30 |
| CVE-2025-49846 | wire-ios accidentally logs message contents — wire-ios | 4.6 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-48432 | Django security vulnerability — Django | 4.0 | Medium | 2025-06-05 |
| CVE-2024-13949 | Log Forging — ASPECT-Enterprise | 6.8 | Medium | 2025-05-22 |
| CVE-2025-3942 | Improper Output Neutralization for Logs — Niagara Framework | 4.3 | Medium | 2025-05-22 |
| CVE-2025-41429 | appleple a-blog cms security vulnerability — a-blog cms | 4.8 | Medium | 2025-05-19 |
| CVE-2025-36625 | Log Poisoning in Nessus — Nessus | 4.3 | Medium | 2025-04-18 |
| CVE-2024-52962 | Fortinet FortiAnalyzer security vulnerability — FortiAnalyzer | 5.0 | Medium | 2025-04-08 |
| CVE-2024-9606 | Improper Output Neutralization for Logs in berriai/litellm — berriai/litellm | 7.5 | - | 2025-03-20 |
| CVE-2024-12580 | Logs Debug Injection in danny-avila/librechat — danny-avila/librechat | 5.3 | - | 2025-03-20 |
| CVE-2025-25294 | Envoy Gateway Log Injection Vulnerability — gateway | 5.3 | Medium | 2025-03-06 |
| CVE-2025-23405 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs — USB-C Blood Glucose Monitoring System Starter Kit Android Applications | 5.3 | Medium | 2025-02-28 |
| CVE-2024-49355 | IBM OpenPages log manipulation — OpenPages with Watson | 5.3 | Medium | 2025-02-20 |
| CVE-2024-56473 | IBM Aspera Shares Data Manipulation — Aspera Shares | 5.3 | Medium | 2025-02-05 |

Vulnerabilities classified as CWE-117 (Improper Output Neutralization for Logs) represent 81 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.